fixed a directory issue

2026-03-22 12:56:25 -07:00
parent d8b2d87062
commit 876f9b5c18
1 changed files with 18 additions and 7 deletions
--- a/playbooks/docker-security-audit.md
+++ b/playbooks/docker-security-audit.md
@@ -147,9 +147,17 @@ After all scans are complete for this image:

 After all images are scanned, generate the following files. All output goes into a timestamped folder:

-**Folder:** `reports/audit-<YYYY-MM-DD>/`
+**Folder structure:**

-Create this folder before writing any files. If it already exists, continue writing into it.
+```
+reports/audit-<YYYY-MM-DD>/
+  audit-<YYYY-MM-DD>.md          ← overview report
+  <image-name>/                  ← one folder per image (name only, no tag, slashes replaced with -)
+    <image-name>-<tag>.md        ← per-image detail report
+    sbom-<image-name>-<tag>.json ← SBOM
+```
+
+Create `reports/audit-<YYYY-MM-DD>/` and each per-image subfolder before writing any files. If folders already exist, continue writing into them.

 ---

@@ -163,7 +171,7 @@ This is the top-level summary. It must link to each per-image detail file.

 | Image | CRITICAL | HIGH | MEDIUM | LOW | Secrets | Misconfigs | Hadolint | Status | Removed | Detail File |
 |---|---|---|---|---|---|---|---|---|---|---|
-| image:tag | 0 | 0 | 0 | 0 | 0 | 0 | 0 | ACTIVE/NOT ACTIVE | YES/NO/FAILED | [image-name.md](image-name.md) |
+| image:tag | 0 | 0 | 0 | 0 | 0 | 0 | 0 | ACTIVE/NOT ACTIVE | YES/NO/FAILED | [image-name/image-name-tag.md](image-name/image-name-tag.md) |

 #### Critical & High Findings (All Images)

@@ -198,9 +206,12 @@ After all findings:

 ### File 2 — Per-Image Detail Reports

-**Filename per image:** `reports/audit-<YYYY-MM-DD>/<image-name>-<tag>.md`
+**Filename per image:** `reports/audit-<YYYY-MM-DD>/<image-name>/<image-name>-<tag>.md`

- Replace `:` and `/` in the image name with `-` to form a safe filename (e.g. `nginx-latest.md`, `myrepo-myapp-1.2.3.md`)
+- `<image-name>` is the image name only — no tag, slashes replaced with `-` (e.g. `nginx`, `myrepo-myapp`)
+- `<tag>` is the image tag (e.g. `latest`, `1.2.3`)
+- Example: `nginx:latest` → `reports/audit-2026-03-22/nginx/nginx-latest.md`
+- Example: `myrepo/myapp:1.2.3` → `reports/audit-2026-03-22/myrepo-myapp/myrepo-myapp-1.2.3.md`
 - Generate one file per image — do not combine images into a single detail file

 Each per-image file must include:
@@ -272,10 +283,10 @@ List any unknown or restrictive licenses flagged by Trivy.

 Note the SBOM filename saved alongside this report:

-`SBOM saved: reports/audit-<YYYY-MM-DD>/sbom-<image-name>-<tag>.json`
+`SBOM saved: reports/audit-<YYYY-MM-DD>/<image-name>/sbom-<image-name>-<tag>.json`

 Update the SBOM output path to match this folder:
-`trivy image --format cyclonedx --output reports/audit-<YYYY-MM-DD>/sbom-<image-name>-<tag>.json <image:tag>`
+`trivy image --format cyclonedx --output reports/audit-<YYYY-MM-DD>/<image-name>/sbom-<image-name>-<tag>.json <image:tag>`

 #### Cleanup