Update junit template to show 1 successful test per target if no vulnerabilities detected

[pboushy]

Description

Jenkins JUnit plugin expects there to be at minimum 1 test showing either success, failed, error, or skipped.
If there are 0 test results, it errors unless you set allowEmptyResults: true, but this also masks the error where the test file is not found. This makes it difficult to distinguish between a scanning failure and a successful scan with 0 vulnerabilities.

When you run trivy image --format json --output repo.json ubuntu:22.04 each OS and package shows up as a target in the JSON. It appears that those targets are then converted into testsuites in JUnit.

I would like to have the option for trivy to add 1 successful test per target to a junit output if there are 0 vulnerabilities detected for that target.

I've spent a good bit looking at the junit template, but wasn't able to figure out how I could to this.

Target

Container Image

Scanner

Vulnerability

[DmitriyLewen]

Hello @pboushy
Thanks for your interest to Trivy.

Trivy has Packages array.
It array contains all found language/os package for result.

So you can check length of Package if Vulnerability array is empty. If len(Packages) > 0 - so vulns didn't found.