Open
Hi team, thanks for the awesome project. We followed you from tfsec to here and would love to contribute and make this codebase as awesome as possible.
We really want to use the SARIF and CodeQL function so we can integrate all the GitHub code scan results into JIRA.
When we use the setting below, everything works as expected.
```yaml
- name: Run Trivy vulnerability scanner in IaC mode
  uses: aquasecurity/trivy-action@master
  with:
    scan-type: config
    hide-progress: false
    tf-vars: ${{ inputs.working-directory }}/terraform.tfvars.json
    format: table
    exit-code: 1
    ignore-unfixed: false
    severity: CRITICAL,HIGH,MEDIUM
```
The result looks great, a vuln misconfig has been found!
```text
Running trivy with options: trivy config --format table --exit-code 1 --severity CRITICAL,HIGH,MEDIUM --tf-vars ./terraform/terraform.tfvars.json .
Global options:
2024-02-16T15:42:06.213Z INFO Misconfiguration scanning is enabled
2024-02-16T15:42:06.213Z INFO Need to update the built-in policies
2024-02-16T15:42:06.213Z INFO Downloading the built-in policies...
45.79 KiB / 45.79 KiB [-----------------------------------------------------------] 100.00% ? p/s 0s
2024-02-16T15:42:07.417Z INFO Detected config files: 2
```
Then we switched to the format you suggested in the README here: https://github.com/aquasecurity/trivy-action/blob/master/README.md?plain=1#L286-L300
```yaml
- name: Run Trivy vulnerability scanner in IaC mode
  uses: aquasecurity/trivy-action@master
  with:
    scan-type: 'config'
    hide-progress: false
    tf-vars: ${{ inputs.working-directory }}/terraform.tfvars.json
    format: 'sarif'
    output: 'trivy-results.sarif'
    exit-code: '1'
    ignore-unfixed: false
    severity: CRITICAL,HIGH,MEDIUM
```
It seems like nothing has been scanned:
```text
Building SARIF report with options: --exit-code 1 .
```
Can you take a look at this discrepancy and point out what we might have configured wrongly? Thanks.
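The "Building SARIF report" line quoted above shows only `--exit-code 1 .`, with none of the severity or tf-vars options that the table-format run received. A small gate like the following, added here as an example (it is not part of this issue or of trivy-action), summarizes a Trivy SARIF file and fails when it carries no results, so an empty report is caught before it is uploaded or forwarded to JIRA. The embedded SARIF sample is constructed and its rule id is a placeholder; the default file name mirrors the `output:` value from the workflow step.

```python
import json
import sys
from collections import Counter

# Constructed sample in the shape Trivy writes (SARIF 2.1.0): one run, one result.
# Illustrative data only, not output from the issue's workflow; placeholder rule id.
SAMPLE_SARIF = {
    "version": "2.1.0",
    "runs": [{
        "tool": {"driver": {"name": "Trivy", "rules": [{"id": "AVD-EXAMPLE-0001"}]}},
        "results": [{"ruleId": "AVD-EXAMPLE-0001", "level": "error",
                     "message": {"text": "example misconfiguration"}}],
    }],
}


def summarize_sarif(sarif):
    """Count runs, driver rules and results per SARIF level across all runs."""
    levels = Counter()
    rules = 0
    for run in sarif.get("runs", []):
        rules += len(run.get("tool", {}).get("driver", {}).get("rules", []))
        for result in run.get("results", []):
            levels[result.get("level", "none")] += 1
    return {"runs": len(sarif.get("runs", [])), "rules": rules, "results": dict(levels)}


def has_findings(sarif):
    """True when at least one run recorded at least one result."""
    return sum(summarize_sarif(sarif)["results"].values()) > 0


def main(argv):
    # Default matches the `output:` value used in the issue's SARIF workflow step.
    path = argv[1] if len(argv) > 1 else "trivy-results.sarif"
    with open(path, encoding="utf-8") as fh:
        sarif = json.load(fh)
    print(json.dumps(summarize_sarif(sarif)))
    if not has_findings(sarif):
        # Only meaningful where findings are expected (here, the table-format run of
        # the same tree already exited 1); a genuinely clean scan is also empty.
        print("SARIF report contains no results", file=sys.stderr)
        return 1
    return 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Because a clean scan and an un-scanned tree both yield zero results, run this gate only in a job where the table-format step has already reported findings.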