antonbabenko / pre-commit-terraform

pre-commit git hooks to take care of Terraform configurations 🇺🇦
MIT License

Trivy is not sandboxed #696

Closed TiansuYu closed 3 months ago

TiansuYu commented 3 months ago

When I run pre-commit hooks with

  - repo: https://github.com/antonbabenko/pre-commit-terraform
    rev: v1.92.1
    hooks:
      - id: terraform_fmt
      - id: terraform_validate
      - id: terraform_trivy
        files: infra/

then the hook terraform_trivy will complain: /Users/xxxx/.cache/pre-commit/repo30dyuizv/hooks/terraform_trivy.sh: line 51: trivy: command not found.

This can be fixed by additionally installing trivy via brew. That means trivy is not included in the sandbox environment controlled by the pre-commit hook.

yermulnik commented 3 months ago

This is out of scope of the pre-commit-terraform hooks. Please refer to https://github.com/antonbabenko/pre-commit-terraform#1-install-dependencies for the required deps to run hooks.