I need help to generate Oracle Cloud (OCI) Vulnerability Scanning Reports (VSS) for Host and Container. (Shell/Python)

Question

I need any script to get below final output (shell/python etc)

based on the below sample files i need "image": "dev1", and "name": "CVE-2023-26055" this values in single file final output in file should be like below, the image-name and associated cve-id list, so this can be filter out in excel to present report | image-name | cve-id | |:---------- | ------------:| |dev1 |CVE-2023-26055| |dev1 |CVE-2023-29528| |dev1 |CVE-2020-10683| |7.4.1_b1 |CVE-2023-25160| |7.4.1_b1 |CVE-2019-5427 | |7.4.1_b1 |CVE-2023-2976 | |b017 |CVE-2023-40217| |7.4.1_b1 |CVE-2023-23943|

Step-1 I am using oci cli to download scanning report with below command, oci vulnerability-scanning container scan result list --compartment-id ocid1.compartment.oc1..wwwwwwwwwwvim5qj7hjaiw4ztsmjlxgvovifq7zqiy5zenjymk7knpwka --all >> scan-result which gives me following output in 'scan-result' file

{
  "data": {
    "items": [
      {
        "compartment-id": "ocid1.compartment.oc1..wwwwwwwwwwvim5qjhjaiw4ztsmjlxgvovifq7zqiy5zenjymk7knpwka",
        "container-scan-target-id": "ocid1.vsscontainerscantarget.oc1.eu-amsterdam-1.wwwwwwwwwwvim5qjgn6wg5fnlorrqm7quahe2rzeiiqnpgkwa26i4p3uemrga",
        "highest-problem-severity": "CRITICAL",
        "id": "ocid1.vsscontainerscanresult.oc1..wwwwwwwwwwvim5qje6mrjdat5ojwdf57mhy3ibhbls234xa3unewgty5lxjlq",
        "image": "VLU_WLD_carts_2",
        "problem-count": 241,
        "repository": "ocir-oracleeeee-rrrr/dddd/osm/osrrrrrustom",
        "time-finished": "2024-02-27T18:08:16+00:00",
        "time-started": "2024-02-27T18:08:16+00:00"
      },
      {
    ++++++ there are multiple block for each Host and Container scan
    ++++++ just shared 2 sample scan result
      },        
      {
        "compartment-id": "ocid1.compartment.oc1..wwwwwwwwwwvim5qjvim5qj7hjaiw4ztsmjlxgvovifq7zqiy5zenjymk7knpwka",
        "container-scan-target-id": "ocid1.vsscontainerscantarget.oc1.eu-amsterdam-1.wwwwwwwwwwvim5qjn6wg5fnlorrqm7quahe2rzeiiqnpgkwa26i4p3uemrga",
        "highest-problem-severity": "CRITICAL",
        "id": "ocid1.vsscontainerscanresult.oc1..awwwwwwwwwwvim5qj5lfi3znr4sol5ujhfaxpn6tffrovvavh4saj36j2iiyq",
        "image": "7.4.1_b1",
        "problem-count": 17,
        "repository": "ocir-oracleeeee-rrrr/dddd/osm/osrrrrrustom",
        "time-finished": "2024-01-05T07:28:24+00:00",
        "time-started": "2024-01-05T07:28:24+00:00"
      }
    ]
  }
}

Step-2 From the above 'scan-result' file i need to pick up value of each 'id' and trigger next command "id": "ocid1.vsscontainerscanresult.oc1..awwwwwwwwwwvim5qj5lfi3znr4sol5ujhfaxpn6tffrovvavh4saj36j2iiyq",

the below command gives me the list of "problem-count" associated with each 'id'

oci vulnerability-scanning container scan result get --container-scan-result-id     ocid1.vsscontainerscanresult.oc1..awwwwwwwwwwvim5qjm5lfi3znr4sol5ujhfaxpn6tffrovvavh4saj36j2iiyq >> result

which gives me following output whic i save in 'result' file

{
  "data": {
    "compartment-id": "ocid1.compartment.oc1..qqqqqqqqqqj7hjaiw4ztsmjlxgvovifq7zqiy5zenjymk7knpwka",
    "container-scan-target-id": "ocid1.vsscontainerscantarget.oc1.eu-amsterdam-1.yyyyyyyyywg5fnlorrqm7quahe2rzeiiqnpgkwa26i4p3uemrga",
    "highest-problem-severity": "CRITICAL",
    "id": "ocid1.vsscontainerscanresult.oc1..tttttttttt3yg4chxlqqgpuleh5d5nak2vno7gxkyjdt6aqqungrfq",
    **"image": "dev1",**
    "problem-count": 25,
    "problems": [
      {
        "cve-reference": "CVE-2023-26055",
        "description": "XWiki Commons are technical libraries common to several other top level XWiki projects. Starting in version 3.1-milestone-1, any user can edit their own profile and inject code, which is going to be executed with programming right. The same vulnerability can also be exploited in all other places where short text properties are displayed, e.g., in apps created using Apps Within Minutes that use a short text field. The problem has been patched on versions 13.10.9, 14.4.4, 14.7RC1.\n",
        **"name": "CVE-2023-26055",**
        "severity": "CRITICAL",
        "state": "OPEN",
        "time-first-detected": "2024-01-05T07:28:25+00:00",
        "time-last-detected": "2024-01-08T06:23:43+00:00",
        "vulnerable-packages": [
          {
            "cve-fix-version": "13.10.9",
            "locations": [
              "u01/oracle/oracle_common/modules/oracle.sdp.client/commons.jar"
            ],
            "name": "commons",
            "type": "JAVA",
            "version": "12.2.1.3.0"
          }
        ]
      },
      {
        "cve-reference": "CVE-2020-10683",
        "description": "dom4j before 2.0.3 and 2.1.x before 2.1.3 allows external DTDs and External Entities by default, which might enable XXE attacks. However, there is popular external documentation from OWASP showing how to enable the safe, non-default behavior in any application that uses dom4j.",
        **"name": "CVE-2020-10683",**
        "severity": "CRITICAL",
        "state": "OPEN",

      }
    ],
    "registry-url": null,
    "repository": "ocir-oracleeeee-rrrr/dddd/osm/osrrrrrustom",
    "target-compartment-id": null,
    "time-finished": "2024-01-05T07:28:24+00:00",
    "time-started": "2024-01-05T07:28:24+00:00"
  },
  "etag": "9e5fd2d8e9b1553800ee1dc78ffbc154eaed0d278db6e60d4--gzip"
}