Owen Rumney

Hey @MoZiZ00 - I think it's just that you're not passing the pat token to the env of the script Also the type for the trivy task becomes "fs" or...

It looks to me from that path that it isn't actually scanning `/mnt/vss/_work/_temp/` but in fact the temp file. I also note in your code above you have ``` git...

@MoZiZ00 - I've just tried it with the following ``` steps: - script: | git clone https://x-access-token:$(GITHUB_TOKEN)@github.com/owenrumney/trivy-bad.git displayName: 'Clone to temp dir' workingDirectory: $(Agent.TempDirectory) - task: trivy@1 inputs: docker: false...

I think we can rule out the GitHub permissions as it seems to be cloning correctly now. If you clone the repo to your local machine and run `trivy fs...

if you're willing to send the raw log to [email protected] I can have a good look through and see if anything jumps out? Realise its private repo, but i'm happy...

Ah interesting, the GitHub enterprise element is interesting Shout if I can help with anything

Hey @MoZiZ00 - good news its working. That is just a warning that some evaluation might not work if we don't have the full context. If you want to provide...

@MoZiZ00 - without the logs for the trivy step, this is going to be very difficult to diagnose. Can you see something along the lines of this in the logs,...

This is resolved offline - essentially cloning the repo in question, running a terraform init then using a trivy fs scan

This would be a new task entirely - the plugin for trivy that works against k8s has a different enough output to and reduced user base to warrant not adding...