security-devops-action

Add environment variable GDN_TRIVY_SCANNERS to documentation

Open tijnvdheuvel opened this issue 1 year ago • 2 comments

After searching for a while, looking for why trivy was not reporting on some test-insecure terraform files, I realized that it was not reporting them since they were misconfigurations and not vulnerabilities (the default value). A few rabbit holes and some blatant guessing later, I found that I apparently could use the environment variable 'GDN_TRIVY_SCANNERS'.

Please add this to the documentation to avoid others also having to pass this ordeal.

Acceptable values for the variable are: vuln, misconfig and secret. E.g. below: GDN_TRIVY_SCANNERS: 'vuln,misconfig,secret'

Thank you in advance.

tijnvdheuvel avatar Nov 04 '24 13:11 tijnvdheuvel

Thank you for your feedback. We will review and update our documentation.

richardtucker avatar Jan 01 '25 02:01 richardtucker

Hello @tijnvdheuvel, I'm the Product Manager for this GH Action. I'm hoping you can help me gather some feedback on your experience using this action. If you don't mind taking this 3-minute anonymous survey, it would be greatly appreciated!

https://forms.microsoft.com/r/tciV74znSh

James Brotsos - [email protected]

jbrotsos avatar Feb 19 '25 04:02 jbrotsos