harbor-scanner-trivy
Disable secret scanning
{"error":"running trivy wrapper: running trivy: exit status 1: 2022-07-14T22:32:11.318Z\t\u001b[34mINFO\u001b[0m\tVulnerability scanning is enabled\n2022-07-14T22:32:11.318Z\t\u001b[34mINFO\u001b[0m\tSecret scanning is enabled\n2022-07-14T22:32:11.318Z\t\u001b[34mINFO\u001b[0m\tIf your scanning is slow, please try '--security-checks vuln' to disable secret scanning\n2022-07-14T22:32:11.318Z\t\u001b[34mINFO\u001b[0m\tPlease see also https://aquasecurity.github.io/trivy/v0.29.2/docs/secret/scanning/#recommendation for faster secret detection\n2022-07-14T22:37:11.316Z\t\u001b[33mWARN\u001b[0m\tIncrease --timeout value\n2022-07-14T22:37:11.316Z\t\u001b[31mFATAL\u001b[0m\timage scan error: scan error: image scan failed: failed analysis: analyze error: timeout: context deadline exceeded\n","level":"error","msg":"Scan failed","time":"2022-07-14T22:37:11Z"}
Is there an option to pass in the flag --security-checks vuln as an env variable to disable secret scanning? I couldn't find it in the documentation.
I think, based on this document (https://aquasecurity.github.io/trivy/v0.30.4/docs/references/customization/envs/), we can try with TRIVY_SECURITY_CHECKS="vuln".
@hasonhai Were you able to test it out? It doesn't look like setting that env variable would pass it onto the container running trivy
A member of my team checked it and it works on our side. From what I know, the CPU consumption decreases from 100% of the CPU allocation to 20% of the allocation on average.
Yep, this worked, thanks @hasonhai!
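An added example, not part of the thread or of the project's code: a triage helper that unpacks the adapter's JSON error line shown in the issue and reports whether the scan hit the timeout while secret scanning was still enabled. The function names and the abridged sample line are constructed for illustration.

```python
import json
import re
from datetime import datetime

ANSI = re.compile(r"\x1b\[[0-9;]*m")  # colour codes Trivy writes around the level

# Abridged copy of the adapter error from the issue above (two INFO hint lines dropped).
SAMPLE = json.dumps({
    "error": "running trivy wrapper: running trivy: exit status 1: "
             "2022-07-14T22:32:11.318Z\t\x1b[34mINFO\x1b[0m\tVulnerability scanning is enabled\n"
             "2022-07-14T22:32:11.318Z\t\x1b[34mINFO\x1b[0m\tSecret scanning is enabled\n"
             "2022-07-14T22:37:11.316Z\t\x1b[33mWARN\x1b[0m\tIncrease --timeout value\n"
             "2022-07-14T22:37:11.316Z\t\x1b[31mFATAL\x1b[0m\timage scan error: scan error: "
             "image scan failed: failed analysis: analyze error: timeout: context deadline exceeded\n",
    "level": "error", "msg": "Scan failed", "time": "2022-07-14T22:37:11Z",
})

def parse_trivy_lines(adapter_line):
    """Return (timestamp, level, message) tuples from the adapter's "error" field."""
    text = ANSI.sub("", json.loads(adapter_line)["error"])
    # The first Trivy line is glued to the adapter's own prefix; cut at the first timestamp.
    start = re.search(r"\d{4}-\d{2}-\d{2}T", text)
    records = []
    for raw in (text[start.start():] if start else "").splitlines():
        parts = raw.split("\t", 2)
        if len(parts) == 3:
            ts = datetime.strptime(parts[0], "%Y-%m-%dT%H:%M:%S.%fZ")
            records.append((ts, parts[1], parts[2]))
    return records

def triage(adapter_line):
    """Summarise whether the scan timed out while secret scanning was still on."""
    records = parse_trivy_lines(adapter_line)
    messages = [m for _, _, m in records]
    timed_out = any(l == "FATAL" and "context deadline exceeded" in m for _, l, m in records)
    return {
        "secret_scanning": "Secret scanning is enabled" in messages,
        "timed_out": timed_out,
        "elapsed_seconds": round((records[-1][0] - records[0][0]).total_seconds()) if records else 0,
    }

if __name__ == "__main__":
    print(triage(SAMPLE))
```

A result with both `secret_scanning` and `timed_out` true matches the failure reported in this issue, which the thread resolved by setting TRIVY_SECURITY_CHECKS="vuln".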