aquasecurity / trivy-azure-pipelines-task

An Azure Pipelines Task for trivy
https://marketplace.visualstudio.com/items?itemName=AquaSecurityOfficial.trivy-official
MIT License

Overriding output scan report #60

Open olivebay opened 7 months ago

olivebay commented 7 months ago

Hello,

Is there a way to get the /tmp/scan-results.json from the task? Or override the output path?

julienLemarie commented 6 months ago

Hello,

I'm looking for the same thing.

Trying to get the result file to upload the results to SonarQube.

- task: trivy@1
  continueOnError: false
  displayName: Trivy scan on Docker image
  inputs:
    debug: true
    docker: false
    exitCode: 0
    image: $(containerRegistry)/$(dockerImageName):${{ parameters.dockerImageTag }} 
    version: "v0.49.1"

In the logs:

##[debug]exec tool: /tmp/trivy
##[debug]arguments:
##[debug]   --debug
##[debug]   image
##[debug]   --exit-code
##[debug]   0
##[debug]   --format
##[debug]   json
##[debug]   --output
##[debug]   /tmp/trivy-results-0.2733003447340172.json

At the end of the logs:

Publishing JSON results...
##[debug]Processed: ##vso[task.addattachment type=JSON_RESULT;name=trivy0.10503311637599544.json;]/tmp/trivy-results-0.2733003447340172.json
Done!

So, where is the /tmp/trivy-results-*.json file?

Already checked:

I think it's also linked to this issue: https://github.com/aquasecurity/trivy-azure-pipelines-task/issues/28
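Added example, not part of the thread or the task's own code: a shell helper for a later script step that picks up the randomly named report seen in the debug log and copies it to a stable path that a SonarQube import or artifact publish step can reference. It assumes the step runs on the same agent as the trivy task and that `/tmp/trivy-results-<random>.json` still exists at that point; the function names and the destination file name `trivy-results.json` are hypothetical.

```shell
#!/usr/bin/env bash
# Added example: collect the report the trivy task wrote under a random name.
# Assumption: this runs as a later script step on the same agent, and the
# file shown in the debug log (/tmp/trivy-results-<random>.json) still exists.

# Print the newest file matching trivy-results-*.json in directory $1.
# Returns 1 if nothing matches.
latest_trivy_report() {
  local dir="${1:-/tmp}" newest="" f
  for f in "$dir"/trivy-results-*.json; do
    [ -f "$f" ] || continue   # an unmatched glob stays literal; skip it
    if [ -z "$newest" ] || [ "$f" -nt "$newest" ]; then
      newest="$f"
    fi
  done
  [ -n "$newest" ] || return 1
  printf '%s\n' "$newest"
}

# Copy the newest report from $1 to the stable path $2/trivy-results.json.
# Fails (instead of silently publishing nothing) if the report is missing
# or empty, so a broken scan cannot pass as a clean one.
collect_trivy_report() {
  local src_dir="${1:-/tmp}" dest_dir="$2" report
  if ! report="$(latest_trivy_report "$src_dir")"; then
    echo "no trivy-results-*.json found in $src_dir" >&2
    return 1
  fi
  if [ ! -s "$report" ]; then
    echo "report $report is empty" >&2
    return 1
  fi
  mkdir -p "$dest_dir"
  cp -- "$report" "$dest_dir/trivy-results.json"
  printf '%s\n' "$dest_dir/trivy-results.json"
}

# Typical call in a pipeline script step (destination is an assumption):
#   collect_trivy_report /tmp "$BUILD_ARTIFACTSTAGINGDIRECTORY"
```

If several trivy tasks run in the same job, the newest file wins, so call the helper directly after the scan whose report is needed.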

joaquin386 commented 6 months ago

Same issue here. If I put them in the options, it should overwrite the ones provided by default by the plugin, but instead I see them coming twice.