Skip to content

fix: add Grype version and vulnerability DB info to HTML template#3346

Open
hellozzm wants to merge 1 commit intoanchore:mainfrom
hellozzm:fix/html-template-add-version-info
Open

fix: add Grype version and vulnerability DB info to HTML template#3346
hellozzm wants to merge 1 commit intoanchore:mainfrom
hellozzm:fix/html-template-add-version-info

Conversation

@hellozzm
Copy link
Copy Markdown

@hellozzm hellozzm commented Apr 3, 2026

Summary

The HTML vulnerability report template (templates/html.tmpl) currently does not display the Grype version or vulnerability database version/date in the report header. This makes it impossible to determine from the report output whether it was generated with a recent version of Grype and an up-to-date vulnerability database.

Fixes #2877

Changes

  • Added "Grype Version" row to the report header showing {{.Descriptor.Name}} {{.Descriptor.Version}}
  • Added "Vulnerability DB" row (conditionally shown) displaying the DB metadata as JSON

Testing

  • Verified the template syntax is valid Go templating
  • The Grype version and DB info are already available in the .Descriptor struct (name, version, db fields)
  • No code changes required — only template modification
  • Existing template functionality (date, source info, severity counts, table) is unchanged

@hellozzm
fix: add Grype version and vulnerability DB info to HTML report template
4714ed9 
Add Grype version (name + version) and vulnerability database metadata
to the header section of the HTML vulnerability report template, so
users can verify the tool and DB versions used to generate the report.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

templates/html.tmpl - Add Grype version and vulnerability DB version

1 participant

@hellozzm