search

aquasecurity / trivy-action

Runs Trivy as GitHub action to scan your Docker container image for vulnerabilities
Apache License 2.0
807 stars 234 forks source link

Trivy ImageRef Required? #260

Open rlove opened 1 year ago

rlove commented 1 year ago

Is there a way to use Trivy without a docker image? We just want to scan the terraform that is the given repository.

However in the action.yml the image-ref is marked as required.

arxeiss commented 1 year ago

It is not required actually. I have Github Actions extension in VS Code and it complains about it too.

But we don't use that and it works. So I think it should be changed to not-required actually.

trivy-config-scan:
    name: trivy config scan
    runs-on: ubuntu-latest
    steps:
        - name: Create .trivyignore file
          run: echo '${{ vars.TRIVY_IGNORE }}' > .trivyignore
        - uses: aquasecurity/trivy-action@0.11.2
          with:
              scan-type: config
              exit-code: '1'
              severity: HIGH,CRITICAL
              trivyignores: .trivyignore