I'm migrating from the tfsec Github Action to trivy but have been running into some issues. I'm using private terraform modules, and the trivy check is failing on modules which are not even used in that repo.
I have tried adding TRIVY_TF_EXCLUDE_DOWNLOADED_MODULES or TRIVY_TF_EXCLUDE_DOWNLOADED_MODULES, but no luck 😞
As per the GH Actions documentation, I should be able to add extra flags as environment variables.
I can't reproduce the same error locally, only happens in the CICD pipeline.
If possible I'd like to avoid having to add extra files to the repo as I have 30+ repos to update. Configuring this via input variable/flag would be ideal
Hello,
I'm migrating from the
tfsec
Github Action totrivy
but have been running into some issues. I'm using private terraform modules, and thetrivy
check is failing on modules which are not even used in that repo.I have tried adding
TRIVY_TF_EXCLUDE_DOWNLOADED_MODULES
orTRIVY_TF_EXCLUDE_DOWNLOADED_MODULES
, but no luck 😞As per the GH Actions documentation, I should be able to add extra flags as environment variables.
I can't reproduce the same error locally, only happens in the CICD pipeline.
Current config:
If possible I'd like to avoid having to add extra files to the repo as I have 30+ repos to update. Configuring this via input variable/flag would be ideal