aquasecurity
--no-color option
When output is saved into text files/CI logs color markers make it harder to rid
?[31mFATAL?[0m - ?[36mCIS-DI-0009?[0m: Use COPY instead of ADD in Dockerfile
--no-color, and/or NO_COLOR would be nice to have
mkdir "$CACHE_DIR_WITH_DB"/db # option to set only db dir could be useful to remove extra steps in db unpacking/prep
cp metadata.json trivy.db $CACHE_DIR_WITH_DB/db/
docker save some_image > IMAGE.tar # actually using bazel to build image & tar, but shouldn't matter here
trivy --cache-dir "$CACHE_DIR_WITH_DB" image --skip-update --input IMAGE.tar --exit-code 1 --no-progress --ignore-unfixed
can probably add output post-processing to remove color markers too
This issue is stale because it has been labeled with inactivity.
![github-actions[bot] avatar](https://avatars.githubusercontent.com/in/15368?v=4 "Published by a pub.dev verified publisher"){kind=small}
@dmivankov you could use other formats like (table, json, template) (default: "table") I can't reproduce the error, you could save in other format as json, or create a template
trivy image --format json --skip-update --exit-code 1 --no-progress --ignore-unfixed ubuntu:20.04
Any examples you might have to be able to output in table format but with no color? JSON doesn't solve that as it is not what I would call human readable. Good example is running in a Jenkins job as you're not going to get colors to be visible by default.
I've also tried to set TERM to xterm, xterm-mono, or vt220 but the value of TERM doesn't appear to be respected and color is still used.
The only way I can get it to not output color is when using a docker container, to not pass -t or --tty:
docker run --rm -v trivy-cache:/root/.cache aquasec/trivy:0.21.2 image debian:jessie
This would be very useful for simple use cases like a simple shell script that calls trivy image ubuntu:20.04 | grep CVE.
--format json is more complicated then what many folks need, and --format template even more so.
Bringing #1566 and this one together as feature request:
The used color package does a good job in auto detecting whether the output supports ANSI coloring or not. Unfortunately for some use cases (mostly CI or other automation) this fails and needs manual override. Fortunately the color package already has this needed functionality as described in the color readme section for github-actions
For the table format of trivy, it would be nice to have a trivy cli option --color with possible values true, false, and default auto. The default is current behavior, true or false set color.NoColor to the respective value.
How can I force colors? The trivy result in my gitlab pipeline output is not colored. I have set TERM=xterm but it does not make any difference. Is there another way to control it with a flag?
Why is this closed?
I'm missing --color=always (or true or whatever) to force a colored table in a Docker CI environment. Reproducible for example via:
$ docker run -v $HOME/.cache/trivy/:/root/.cache/trivy/ aquasec/trivy image alpine:3.10
It works when using docker run -t ….
And why is the output on STDERR colored, but not on STDOUT?
This issue is stale because it has been labeled with inactivity.
Oof I was trying to ignore color and am having a lot of issues. I actually want json format and I see color in my json format.
trivy config --tf-vars=dev.tfvars . -f json
"Lines": [
{
"Number": 80,
"Content": "resource \"aws_s3_bucket_server_side_encryption_configuration\" \"default\" {",
"IsCause": true,
"Annotation": "",
"Truncated": false,
"Highlighted": "\u001b[0m\u001b[38;5;33mresource\u001b[0m \u001b[38;5;37m\"aws_s3_bucket_server_side_encryption_configuration\"\u001b[0m \u001b[38;5;37m\"default\"\u001b[0m {",
"FirstCause": true,
"LastCause": false
},
I tried setting my TERM env var as well and it doesn't seem respected
export TERM=xterm-mono
Same with the color package's env var but again it doesn't seem to be respected
export NO_COLOR=true
I was able to remove the color from the non-json output using this from here but not from the json output
cat output | sed "s,\x1B\[[0-9;]*[a-zA-Z],,g"
@nitrocode JSON contains a Content field which contains the source code without highlighting.
Last night I kind of went down the rabbit hole of why the colors were being outputted even though I could have simply used the Content field in the json. Thanks again.
I was able to find a way to disable some of the coloring in iac, but it wasn't coming in from the fitah/color package.
It's actually coming from the alecthomas/chroma package.
The iac themes are set here
https://github.com/aquasecurity/trivy/blob/bf64003ac8b209f34b88f228918a96d4f9dac5e0/pkg/iac/scan/highlighting.go#L12
https://github.com/aquasecurity/trivy/blob/bf64003ac8b209f34b88f228918a96d4f9dac5e0/pkg/iac/scan/code.go#L79-L82
I set those themes to plaintext and I no longer see color output in the code itself, only in these places. I hope this helps someone with more time write a pull request because a no-color option for other formats, besides json, would be very nice.
Testing with trivy 0.56.2 as well as main from a few days ago, I'd like to report that NO_COLOR is working, at least for these cases:
- Info line of
$ NO_COLOR=yes trivy --version:2024-10-15T08:08:49+02:00 INFO Loaded file_path="trivy.yaml" - Log lines before vulnerability output with
NO_COLOR=yes trivy image --input ….tar --format json --no-progress.
The bold text in table headers for example are unaffected by this, so a proper option to prevent all shell formatting would still be really appreciated.
I think I need the opposite: I'd like to output ANSI color codes forcibly even when ran in CI (eg GitHub Actions).
It seems currently it detects if the the output is a terminal, and avoids color if not.
Other tools have --color=always|never|auto to control this...
