Config file options are not respected

Open kieran-lowe opened this issue 1 year ago • 2 comments

Hi,

I currently have an issue where I'm specifying options via a config file, but no matter what permutation I come up with it seems trivy is not respecting it.

Config

.trivy.yaml

exit-code: 1

quiet: false

scan:
  skip-dirs:
    - "examples/**"
    - "tests/**"

misconfiguration:
  scanners:
    - terraform

  include-non-failures: false

  terraform:
    exclude-downloaded-modules: true

Workflow File

...

- name: Run Trivy
  uses: aquasecurity/[email protected]
  with:
    scan-type: "config"
    trivy-config: "${{ github.workspace }}/.trivy.yaml"

• It's still showing failures in all subdirectories of examples/ etc. It shouldn't do this as I've said to skip that dir.
• Exit Code is not being respected, as Actions shows succeeded despite errors so assuming it's returning a 0 status code, although I've said 1.

If I specify these flags with steps.with in the Action Workflow, I have no issue and it works as I want it to.

Anything I'm doing wrong?

Cheers, Kieran

kieran-lowe, Feb 15 '24 14:02