feat: add an option to skip the files greater than a particular size
Description
Add --max-file-size flag to skip files greater than a particular size.
See https://github.com/aquasecurity/trivy/discussions/7151 for more context
requirements:
- Update analyzers logic:
  1.1. Add Description() string function into analyzer and PostAnalyzer interfaces. (see https://github.com/aquasecurity/trivy/discussions/7151#discussioncomment-10094269)
  1.2. Add AllAnalyzersTypes() map[Type]string (type -> description (see 1.1)) function to show all analyzers (see https://github.com/aquasecurity/trivy/discussions/7151#discussioncomment-10091483)
- add --max-file-size flag.
  2.1. flag format is <analyzer_type>:<max_size> (e.g. --max-file-size jar:200mb --max-file-size secret:5mb)
  2.2. flag should support size with prefix (I mean mb, kb, etc.). I saw that https://github.com/docker/go-units supports that (https://github.com/docker/go-units/blob/16e18b2861ca6fd622e7042ffeb9a3ebe8a9dff9/size.go#L78-L80)
  2.3. ??? I am not sure about this - cli error is supposed to show list of all analyzers when unsupported analyzer is used.
- use list of all analyzers (see 1.2) to create/update docs page using mage docs:generate (see https://github.com/aquasecurity/trivy/discussions/7151#discussioncomment-10092730)
Discussed in https://github.com/aquasecurity/trivy/discussions/7151
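A sketch of how the flag format from 2.1 to 2.3 could be parsed and applied, added here as an example; it is not Trivy's code and not from the issue author. Assumptions: the analyzer list holds only the two names used in the flag examples, a small standard-library parser stands in for go-units, and units are decimal multiples.

```go
package main

import (
	"fmt"
	"slices"
	"strconv"
	"strings"
)

var (
	knownAnalyzers = []string{"jar", "secret"} // hypothetical subset of analyzer types
	units          = map[string]int64{"b": 1, "kb": 1e3, "mb": 1e6, "gb": 1e9} // decimal: an assumption
)

func parseSize(s string) (int64, error) {
	s = strings.ToLower(strings.TrimSpace(s))
	unit := strings.TrimLeft(s, "0123456789")
	// bitSize 32 caps the number so that n*mult cannot overflow int64.
	n, err := strconv.ParseInt(strings.TrimSuffix(s, unit), 10, 32)
	mult, ok := units[strings.TrimSpace(unit)]
	if err != nil || !ok {
		return 0, fmt.Errorf("invalid size %q (want digits plus b, kb, mb or gb)", s)
	}
	return n * mult, nil
}

// ParseMaxFileSize turns repeated <analyzer_type>:<max_size> values into byte limits.
func ParseMaxFileSize(values []string) (limits map[string]int64, err error) {
	limits = map[string]int64{}
	for _, v := range values {
		name, size, ok := strings.Cut(v, ":")
		if !ok || !slices.Contains(knownAnalyzers, name) {
			return nil, fmt.Errorf("bad value %q: want <analyzer_type>:<max_size>, analyzers: %s", v, strings.Join(knownAnalyzers, ", "))
		}
		if limits[name], err = parseSize(size); err != nil {
			return nil, err
		}
	}
	return limits, nil
}

// ShouldSkip reports whether a file is over its analyzer's limit; no limit means never skip.
func ShouldSkip(limits map[string]int64, analyzer string, fileSize int64) bool {
	limit, ok := limits[analyzer]
	return ok && fileSize > limit
}

func main() {
	fmt.Println(ParseMaxFileSize([]string{"jar:200mb", "secret:5mb"}))
}
```

A file over its limit is never analysed, so a scanner using such a check would want to log each skipped path and size to keep the coverage gap visible in the scan output.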
please assign to me, I want to contribute.
Hello @zesiar0
I assigned this task to you.
Thanks for your help!
See this discussion for more information about this issue - https://github.com/aquasecurity/trivy/discussions/7151#discussioncomment-10028280
Some info about contributing to Trivy - https://aquasecurity.github.io/trivy/v0.53/community/contribute/pr/
UPD: @zesiar0 I've updated the description of this issue with the steps required.
thx
Great work! Any updates on this PR? @DmitriyLewen @zesiar0
Hello @Percivalll. Judging by the lack of questions and reactions, this functionality is not in demand among users. Therefore, we probably will not implement this (at least now the maintainers have a large number of higher-priority tasks).
This would be very nice for CI/CD pipelines where I don't necessarily want to add each and every large file to --skip-files, and I notice the ones that cause timeout errors are typically > 10MB, so it would be nice to be able to set this as a feature flag.