https://github.com/fatihtokus/scan2html
A Trivy plugin that scans and outputs the results (vulnerabilities, misconfigurations, secrets, and SBOMs for containers, Kubernetes, code repositories, clouds and more) to an interactive HTML file.
- Host: GitHub
- URL: https://github.com/fatihtokus/scan2html
- Owner: fatihtokus
- License: apache-2.0
- Created: 2023-02-09T22:04:23.000Z (about 3 years ago)
- Default Branch: main
- Last Pushed: 2025-12-14T18:50:11.000Z (3 months ago)
- Last Synced: 2025-12-18T05:41:45.444Z (3 months ago)
- Topics: cisa, cisa-kev, cloud, containers, devops, devsecops, epss, iac, misconfiguration, opensource, report, sbom, scan, secops, security, trivy, vulnerability, vulnerability-management
- Language: HTML
- Homepage:
- Size: 15.4 MB
- Stars: 119
- Watchers: 3
- Forks: 13
- Open Issues: 13
Metadata Files:
- Readme: README.md
- Contributing: CONTRIBUTING.md
- License: LICENSE
- Security: SECURITY.md
README
# scan2html


Before moving on, please consider giving us a GitHub star ⭐️. Thank you!
## About scan2html
A [Trivy](https://github.com/aquasecurity/trivy) plugin that scans and outputs the results (vulnerabilities, misconfigurations, secrets, and SBOMs for containers, Kubernetes, code repositories, clouds and more) to an interactive HTML file.
Built for teams that care about flexibility, privacy, and control.
---
## Why scan2html
- 100% open-source (Apache-2.0)
- No API keys or rate limits
- Self-contained: data does not leave your system
- Also works with your existing Trivy JSON scan result files
- Easy to integrate into any CI/CD pipeline
---
## Install
```sh
trivy plugin install scan2html
```
---
## Uninstall
```sh
trivy plugin uninstall scan2html
```
---
## Usage
### Generate a report from multiple JSON scan results
```sh
trivy scan2html generate --scan2html-flags --output interactive_report.html --from vulnerabilities.json,misconfigs.json,secrets.json
```

### Generate a report with EPSS scores from multiple scan results (experimental)
```sh
trivy scan2html generate --scan2html-flags --with-epss --output interactive_report.html --from vulnerabilities.json,misconfigs.json,secrets.json
```

### Scan a local folder
```sh
trivy scan2html fs --scanners vuln,secret,misconfig . --scan2html-flags --output interactive_report.html
```

### Scan a k8s cluster
```sh
trivy scan2html k8s cluster --scan2html-flags --output interactive_report.html
```

### Scan a k8s cluster with the full report (`--report=all`)
```sh
trivy scan2html k8s --report=all --scan2html-flags --output interactive_report.html
```

### Scan a k8s cluster with a summary report
```sh
trivy scan2html k8s --report summary cluster --scan2html-flags --output interactive_report.html
```

### Scan and generate an SBOM (SPDX) report
```sh
trivy scan2html image --format spdx alpine:3.15 --scan2html-flags --output interactive_report.html
```

## Help
```sh
$ trivy scan2html -h
Usage: trivy scan2html [-h,--help] command target filename
       trivy scan2html --scan2html-flags [scan2html flags]
       trivy scan2html generate --scan2html-flags [scan2html flags]

Utility Commands
  generate          Generate a report from multiple json scan results
  help              Help about any command
  version           Print the version

Flags:
  -h, --help        Show usage.
  --output          Report name
  --report-title    Report Title
  --with-epss       Include EPSS data
  --with-exploits   Include Exploits
  --from            Comma separated json scan result files

Examples:
  # Scan an image
  trivy scan2html image --scanners vuln,secret,misconfig,license alpine:latest --scan2html-flags --output interactive_report.html

  # Scan an image from local tar file
  trivy scan2html image --input ruby-3.1.tar --scan2html-flags --output interactive_report.html

  # Scan a local folder
  trivy scan2html fs --scanners vuln,secret,misconfig,license . --scan2html-flags --output interactive_report.html

  # Scan a k8s cluster
  trivy scan2html k8s cluster --scan2html-flags --output interactive_report.html

  # Scan a k8s cluster all
  trivy scan2html k8s --report=all --scan2html-flags --output interactive_report.html

  # Scan a k8s cluster summary
  trivy scan2html k8s --report summary cluster --scan2html-flags --output interactive_report.html

  # Scan and generate SBOM(spdx) report
  trivy scan2html image --format spdx alpine:3.15 --scan2html-flags --output interactive_report.html

  # Generate a report from multiple json scan results
  trivy scan2html generate --scan2html-flags --output interactive_report.html --from vulnerabilities.json,misconfigs.json,secrets.json

  # Generate report with EPSS scores from multiple scan results
  trivy scan2html generate --scan2html-flags --with-epss --output interactive_report.html --from vulnerabilities.json,misconfigs.json,secrets.json

  # Generate report with Exploitability from multiple scan results
  trivy scan2html generate --scan2html-flags --with-exploits --output interactive_report.html --from vulnerabilities.json,misconfigs.json,secrets.json

  # Download EPSS and Exploits data for caching - experimental
  trivy scan2html --download-all

  # Use cached EPSS and Exploits data - experimental
  trivy scan2html image alpine:latest --scan2html-flags --with-cached-epss --with-cached-exploits --output interactive_report.html
```