New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Report is not empty even if there are no findings #6351
Labels
kind/bug
Categorizes issue or PR as related to a bug.
Comments
6 tasks
Hey @DmitriyLewen, |
Hello @AntonKarasov These changes should be included into next release. Regards, Dmitriy |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Discussed in #6349
Originally posted by kanton10062006 March 19, 2024
Description
Hello,
With the most recent release, I've noticed that trivy report/output is not empty even if there are no findings when some particular findings are in place in .trivyignore.yaml.
The previous version did not have such behavior as expected.
Our CI/CD relies on this report, if something exists within the report CI proceeds with different logic.
It reproduces for vuln and license scanners.
Desired Behavior
Completely empty report:
Actual Behavior
Here is an example of the actual output:
Reproduction Steps
Target
Filesystem
Scanner
Vulnerability
Output Format
Table
Mode
Standalone
Debug Output
trivy fs -q --scanners vuln . --debug 2024-03-19T15:17:07.236+0100 INFO Loaded trivy.yaml package-lock.json (npm) Total: 0 (MEDIUM: 0, HIGH: 0, CRITICAL: 0)
The text was updated successfully, but these errors were encountered: