Originally posted by mlipiec May 7, 2024
### Description

It seems that trivy by default skips scanning in the `dev` subdirectory. Is it expected behaviour?

### Desired Behavior

Do not skip `dev` subdirectory by default.

### Actual Behavior

```bash
2024-05-07T13:16:28+02:00 DEBUG Skipping path path=".git"
2024-05-07T13:16:28+02:00 DEBUG Skipping path path="dev"
```

### Reproduction Steps

Run command: `trivy config $(pwd) --debug` in the root of terraform repository.

Structure of terraform repo (prod and stage are empty dirs):

```bash
❯ ls -l
drwxr-xr-x - 2024-05-03 15:06 -- dev
drwxr-xr-x - 2024-05-03 15:06 -- modules
drwxr-xr-x - 2024-04-24 15:30 -- prod
drwxr-xr-x - 2024-04-24 15:30 -- stage
.rw-r--r-- 1.4k 2024-04-25 19:43 -- README.md
```

Trivy is going inside `modules` subdir but skips `dev`.
### Target

None

### Scanner

Misconfiguration

### Output Format

None

### Mode

Standalone

### Debug Output

```bash
2024-05-07T13:16:28+02:00 DEBUG Parsed severities severities=[UNKNOWN LOW MEDIUM HIGH CRITICAL]
2024-05-07T13:16:28+02:00 DEBUG Cache dir dir="/Users/mlipiec/Library/Caches/trivy"
2024-05-07T13:16:28+02:00 INFO Misconfiguration scanning is enabled
2024-05-07T13:16:28+02:00 DEBUG Policies successfully loaded from disk
2024-05-07T13:16:28+02:00 DEBUG Enabling misconfiguration scanners scanners=[azure-arm cloudformation dockerfile helm kubernetes terraform terraformplan-json terraformplan-snapshot]
2024-05-07T13:16:28+02:00 DEBUG [nuget] The nuget packages directory couldn't be found. License search disabled
2024-05-07T13:16:28+02:00 DEBUG Skipping path path=".git"
2024-05-07T13:16:28+02:00 DEBUG Skipping path path="dev"
2024-05-07T13:16:28+02:00 DEBUG Skipping path path="modules/somemodule/.terraform/modules/somemodule/.git"
2024-05-07T13:16:28+02:00 DEBUG Skipping path path="modules/project_services/.terraform/modules/project-services/.git"
2024-05-07T13:16:28+02:00 DEBUG Scanning files for misconfigurations... scanner="Kubernetes"
```
### Operating System

macOS Sonoma 14.4.1

### Version

```bash
Version: 0.51.1
Vulnerability DB:
  Version: 2
  UpdatedAt: 2024-05-07 06:12:32.648612416 +0000 UTC
  NextUpdate: 2024-05-07 12:12:32.648612145 +0000 UTC
  DownloadedAt: 2024-05-07 07:19:20.116247 +0000 UTC
Check Bundle:
  Digest: sha256:6d0771effa53c6cf8130861fc3ac28f5515c35a028edb4bb1e67261b9218c80e
  DownloadedAt: 2024-05-06 11:34:54.282907 +0000 UTC
```

### Checklist

`trivy image --reset`
Discussed in #6650
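An added example, not part of the original issue or Trivy's own code: a small Python check that parses the `Skipping path` debug lines in the format reported above and flags any skipped directory that contains Terraform files, so a silently unscanned directory shows up in CI. The file list and the set of "expected" skip directories are constructed assumptions.

```python
import re
from pathlib import PurePosixPath

# Line shape taken from the debug output quoted in the issue.
SKIP_RE = re.compile(r'DEBUG\s+Skipping path\s+path="([^"]+)"')

# Assumption: path components that are normally fine to skip
# (VCS metadata and Terraform's module download cache).
EXPECTED_SKIP_PARTS = {".git", ".terraform"}

# Log lines copied from the issue's debug output.
SAMPLE_LOG = '''
2024-05-07T13:16:28+02:00 DEBUG Skipping path path=".git"
2024-05-07T13:16:28+02:00 DEBUG Skipping path path="dev"
2024-05-07T13:16:28+02:00 DEBUG Skipping path path="modules/somemodule/.terraform/modules/somemodule/.git"
'''

# Constructed file list (the issue does not show the contents of dev/).
SAMPLE_FILES = ["dev/main.tf", "dev/variables.tf",
                "modules/somemodule/main.tf", "README.md"]


def skipped_paths(debug_log: str) -> list[str]:
    """Return every path the scanner reported as skipped, in log order."""
    return SKIP_RE.findall(debug_log)


def unexpected_skips(debug_log: str, iac_files: list[str]) -> dict[str, list[str]]:
    """Map each unexpectedly skipped path to the IaC files it hides."""
    findings = {}
    for skipped in skipped_paths(debug_log):
        parts = PurePosixPath(skipped).parts
        if EXPECTED_SKIP_PARTS & set(parts):
            continue  # .git / .terraform: skipping is intended
        hidden = [f for f in iac_files
                  if f.endswith(".tf")
                  and PurePosixPath(f).parts[:len(parts)] == parts]
        if hidden:
            findings[skipped] = sorted(hidden)
    return findings


if __name__ == "__main__":
    for path, files in unexpected_skips(SAMPLE_LOG, SAMPLE_FILES).items():
        print(f"WARNING: {path!r} was skipped but contains: {', '.join(files)}")
```
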