trivy-azure-pipelines-task
Request to change --security-checks to --Scanners
When I'm using trivy task in my pipeline, I'm getting a warning --security-checks is deprecated use --scanners instead.
I'm using trivy version 0.42.1
please make this change in a way that we can choose the type of scanner to use via argument eg:
- task: trivy@1
  displayName: 'trivy container'
  inputs:
    version: 'v0.42.1'
    docker: false
    image: 'node:latest'
    scanners: 'vuln,secret'
    severities: 'HIGH,CRITICAL'
    exitCode: '1'
    ignoreUnfixed: true
    options: '--vuln-type library'
We are also encountering the deprecation warning.
Version : 1.4.1
Build output for trivy task:
2023-06-27T09:52:30.316Z WARN '--security-checks' is deprecated. Use '--scanners' instead.
By leveraging trivy.yaml config file, setting scanners instead of security-checks the deprecation warning goes away:
trivy ... --config trivy.yaml
trivy.yaml:
...
scan:
  ...
  scanners:
    - config
    - vuln
    - secret
When I'm using trivy task in my pipeline, I'm getting a warning
--security-checks is deprecated use --scanners instead. I'm using trivy version 0.42.1
This is maybe a duplicate of #36 ?
srmds
Are you able to supply a copy of your YAML? We tried with one but no change in behaviour using what you had above.
It may have been because we tried passing the YAML via the "options:" parameter via their marketplace add-on for Azure DevOps; it looks like you were using the binary on the CLI.
- task: trivy@1
  displayName: 'Trivy (task)'
  inputs:
    path: '$(Agent.BuildDirectory)/devops/devops/terraform/modules/'
    exitCode: 1
    debug: false
    docker: false
    version: 'v0.52.2'
    options: '--config /tmp/trivy.yaml'
If we use the trivy binary inside an Azure DevOps task of type "task: AzureCLI@2", there are no issues at all, which is our current workaround.
This has been changed in the latest release. It's an input option now, defaulting to vuln,misconfig,secrets, but it can be set to the combination you choose.
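A lint that a CI job could run to catch leftover uses of the deprecated spelling discussed in this thread, both as a CLI flag in pipeline files and as a key in trivy.yaml. This is an added example, not code from the thread or from the task itself; the function names, file names and sample file contents are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example (not from the thread): report files that still use the
# deprecated 'security-checks' spelling instead of 'scanners'.

# lint_trivy_scanners FILE...
# Prints "file:line:kind" for each finding; returns 1 if anything was found.
#   kind=flag  CLI form (--security-checks) in a script step or options string
#   kind=key   config-file form (a YAML key named security-checks)
lint_trivy_scanners() {
  local f hits found=0
  for f in "$@"; do
    [ -f "$f" ] || continue
    hits=$(awk -v file="$f" '
      /^[ \t]*#/ { next }   # skip YAML comment lines
      /--security-checks/ { print file ":" NR ":flag"; next }
      /^[ \t]*security-checks[ \t]*:/ { print file ":" NR ":key" }
    ' "$f")
    if [ -n "$hits" ]; then
      printf '%s\n' "$hits"
      found=1
    fi
  done
  return "$found"
}

# Constructed sample files: one pipeline with an old and a new invocation,
# one old-style config, one new-style config.
demo() {
  local d rc
  d=$(mktemp -d)
  printf '%s\n' 'steps:' \
    '  - script: trivy image --security-checks vuln,secret node:latest' \
    '  # old: --security-checks vuln' \
    '  - script: trivy image --scanners vuln,secret node:latest' \
    >"$d/azure-pipelines.yml"
  printf '%s\n' 'scan:' '  security-checks:' '    - vuln' >"$d/trivy.yaml"
  printf '%s\n' 'scan:' '  scanners:' '    - vuln' '    - secret' >"$d/trivy-new.yaml"
  lint_trivy_scanners "$d"/*.y*ml
  rc=$?
  rm -rf "$d"
  return "$rc"
}

demo || true   # prints the two findings from the constructed samples
```

In a pipeline, calling `lint_trivy_scanners` on the repository's pipeline and Trivy config files and failing the step on a non-zero return surfaces the deprecated spelling before it reaches the build log.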