fix: skip only absolute filesystem dirs #6651

Open
2 tasks
nikpivkin opened this issue May 7, 2024 Discussed in #6650 · 0 comments · May be fixed by #6657
Labels
kind/bug Categorizes issue or PR as related to a bug.

Comments

@nikpivkin
Contributor

Discussed in #6650

Originally posted by mlipiec May 7, 2024

Description

It seems that trivy by default skips scanning in the dev subdirectory. Is it expected behaviour?

Desired Behavior

Do not skip dev subdirectory by default.

Actual Behavior

```
2024-05-07T13:16:28+02:00	DEBUG	Skipping path	path=".git"
2024-05-07T13:16:28+02:00	DEBUG	Skipping path	path="dev"
```

Reproduction Steps

Run command:

```bash
trivy config $(pwd) --debug
```

in the root of the terraform repository.

Structure of the terraform repo (prod and stage are empty dirs):

```
❯ ls -l
drwxr-xr-x    - 2024-05-03 15:06 -- dev
drwxr-xr-x    - 2024-05-03 15:06 -- modules
drwxr-xr-x    - 2024-04-24 15:30 -- prod
drwxr-xr-x    - 2024-04-24 15:30 -- stage
.rw-r--r-- 1.4k 2024-04-25 19:43 -- README.md
```

Trivy is going inside modules subdir but skips dev.



### Target

None

### Scanner

Misconfiguration

### Output Format

None

### Mode

Standalone

### Debug Output

```bash
2024-05-07T13:16:28+02:00	DEBUG	Parsed severities	severities=[UNKNOWN LOW MEDIUM HIGH CRITICAL]
2024-05-07T13:16:28+02:00	DEBUG	Cache dir	dir="/Users/mlipiec/Library/Caches/trivy"
2024-05-07T13:16:28+02:00	INFO	Misconfiguration scanning is enabled
2024-05-07T13:16:28+02:00	DEBUG	Policies successfully loaded from disk
2024-05-07T13:16:28+02:00	DEBUG	Enabling misconfiguration scanners	scanners=[azure-arm cloudformation dockerfile helm kubernetes terraform terraformplan-json terraformplan-snapshot]
2024-05-07T13:16:28+02:00	DEBUG	[nuget] The nuget packages directory couldn't be found. License search disabled
2024-05-07T13:16:28+02:00	DEBUG	Skipping path	path=".git"
2024-05-07T13:16:28+02:00	DEBUG	Skipping path	path="dev"
2024-05-07T13:16:28+02:00	DEBUG	Skipping path	path="modules/somemodule/.terraform/modules/somemodule/.git"
2024-05-07T13:16:28+02:00	DEBUG	Skipping path	path="modules/project_services/.terraform/modules/project-services/.git"
2024-05-07T13:16:28+02:00	DEBUG	Scanning files for misconfigurations...	scanner="Kubernetes"
```

Operating System

macOS Sonoma 14.4.1

Version

```
Version: 0.51.1
Vulnerability DB:
  Version: 2
  UpdatedAt: 2024-05-07 06:12:32.648612416 +0000 UTC
  NextUpdate: 2024-05-07 12:12:32.648612145 +0000 UTC
  DownloadedAt: 2024-05-07 07:19:20.116247 +0000 UTC
Check Bundle:
  Digest: sha256:6d0771effa53c6cf8130861fc3ac28f5515c35a028edb4bb1e67261b9218c80e
  DownloadedAt: 2024-05-06 11:34:54.282907 +0000 UTC
```

Checklist

@nikpivkin nikpivkin added the kind/bug Categorizes issue or PR as related to a bug. label May 7, 2024
@nikpivkin nikpivkin linked a pull request May 8, 2024 that will close this issue
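
An added illustration of the failure mode in this report, not Trivy's code: it assumes the scanner keeps a list of system directory names (`dev`, `proc`, `sys`; hypothetical here) and contrasts matching them against paths relative to the scan root with matching only the resolved absolute path. The file tree, scan root and function names are constructed for the example.

```go
package main

import (
	"fmt"
	"io/fs"
	"path"
	"testing/fstest"
)

// Assumed skip list of system directory names (hypothetical values).
var systemDirs = map[string]bool{"dev": true, "proc": true, "sys": true}

// skipRelative matches the path relative to the scan root: <repo>/dev is skipped.
func skipRelative(_, rel string) bool { return systemDirs[rel] }

// skipAbsolute resolves against the scan root first: only /dev, /proc, /sys match.
func skipAbsolute(root, rel string) bool {
	abs := path.Join(root, rel)
	return path.Dir(abs) == "/" && systemDirs[path.Base(abs)]
}

// scanned walks fsys and returns the files left after applying skip.
func scanned(fsys fs.FS, root string, skip func(root, rel string) bool) []string {
	var files []string
	_ = fs.WalkDir(fsys, ".", func(p string, d fs.DirEntry, err error) error {
		if err != nil {
			return err
		}
		if !d.IsDir() {
			files = append(files, p)
		} else if p != "." && skip(root, p) {
			return fs.SkipDir
		}
		return nil
	})
	return files
}

// repoFS is a constructed tree mirroring the layout in the report.
var repoFS = fstest.MapFS{
	"README.md":               {Data: []byte("# infra")},
	"dev/main.tf":             {Data: []byte("# dev")},
	"modules/somemodule/a.tf": {Data: []byte("# module")},
}

func main() {
	fmt.Println("relative match:", scanned(repoFS, "/home/user/infra", skipRelative))
	fmt.Println("absolute match:", scanned(repoFS, "/home/user/infra", skipAbsolute))
}
```

With relative matching, `dev/main.tf` never reaches the misconfiguration checks and the scan still finishes without error, so the coverage gap only shows up in the debug log.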