trivy icon indicating copy to clipboard operation
trivy copied to clipboard
Published 3 weeks ago verified publisher icon aquasecurity

bug: Trivy doesn’t use context in dependency parsers to stop the run.

Open DmitriyLewen opened this issue 4 months ago • 0 comments

Description

We use the Context.WithTimeout function to stop Trivy by timeout.

But we don't use context for the Parser interface. That is why Trivy doesn't stop the run, if file parsing takes a long time (e.g. fetching dependencies of pom.xml file).

Solution

Add and use context in the Parse() functions to stop Trivy by timeout.

Related issues

  • https://github.com/aquasecurity/trivy-action/issues/485

DmitriyLewen avatar Sep 01 '25 11:09 DmitriyLewen