BREAKING CHANGE: Disable scanning OS packages in fs mode
#8827
DmitriyLewen announced in Announcements
Replies: 1 comment
Pre-build and post-build were defined to target scan artifacts that might be duplicated, such as pom.xml and JAR files. Following this definition, OS packages should be disabled in a filesystem scan. However, if scanning OS packages during a filesystem scan doesn't cause any issues, there is also the option to leave it enabled. On the other hand, for new users, both fs and rootfs scanning OS packages might make it harder to distinguish the difference between them, which could be seen as a downside. Since each approach has pros and cons, we need further discussion.
Motivation
Initially, Trivy only used fs mode. We later split it into fs and rootfs to separate pre-build and post-build. We currently keep the ability to scan OS packages in fs mode for backward compatibility. But it has been a while since we added the rootfs mode. So we decided to disable scanning OS packages in fs mode (you can still scan OS packages in rootfs and image modes).