Open dmivankov opened 3 years ago
@dmivankov could you share the commands that you are using in trivy?
mkdir "$CACHE_DIR_WITH_DB"/db # option to set only db dir could be useful to remove extra steps in db unpacking/prep
cp metadata.json trivy.db $CACHE_DIR_WITH_DB/db/
docker save some_image > IMAGE.tar # actually using bazel to build image & tar, but shouldn't matter here
trivy --cache-dir "$CACHE_DIR_WITH_DB" image --skip-update --input IMAGE.tar --exit-code 1 --no-progress --ignore-unfixed
can probably add output post-processing to remove color markers too
This issue is stale because it has been labeled with inactivity.
@dmivankov you could use other formats like (table, json, template) (default: "table") I can't reproduce the error, you could save in other format as json, or create a template
trivy image --format json --skip-update --exit-code 1 --no-progress --ignore-unfixed ubuntu:20.04
Any examples you might have to be able to output in table format but with no color? JSON doesn't solve that as it is not what I would call human readable. Good example is running in a Jenkins job as you're not going to get colors to be visible by default.
I've also tried to set TERM
to xterm
, xterm-mono
, or vt220
but the value of TERM
doesn't appear to be respected and color is still used.
The only way I can get it to not output color is when using a docker container, to not pass -t
or --tty
:
docker run --rm -v trivy-cache:/root/.cache aquasec/trivy:0.21.2 image debian:jessie
This would be very useful for simple use cases like a simple shell script that calls trivy image ubuntu:20.04 | grep CVE
.
--format json
is more complicated then what many folks need, and --format template
even more so.
Bringing #1566 and this one together as feature request:
The used color package does a good job in auto detecting whether the output supports ANSI coloring or not. Unfortunately for some use cases (mostly CI or other automation) this fails and needs manual override. Fortunately the color package already has this needed functionality as described in the color readme section for github-actions
For the table format of trivy, it would be nice to have a trivy cli option --color
with possible values true
, false
, and default auto
. The default is current behavior, true
or false
set color.NoColor
to the respective value.
How can I force colors? The trivy result in my gitlab pipeline output is not colored. I have set TERM=xterm but it does not make any difference. Is there another way to control it with a flag?
Why is this closed?
I'm missing --color=always
(or true
or whatever) to force a colored table in a Docker CI environment. Reproducible for example via:
$ docker run -v $HOME/.cache/trivy/:/root/.cache/trivy/ aquasec/trivy image alpine:3.10
It works when using docker run -t …
.
And why is the output on STDERR
colored, but not on STDOUT
?
This issue is stale because it has been labeled with inactivity.
Any progress on this?
Oof I was trying to ignore color and am having a lot of issues. I actually want json format and I see color in my json format.
trivy config --tf-vars=dev.tfvars . -f json
"Lines": [
{
"Number": 80,
"Content": "resource \"aws_s3_bucket_server_side_encryption_configuration\" \"default\" {",
"IsCause": true,
"Annotation": "",
"Truncated": false,
"Highlighted": "\u001b[0m\u001b[38;5;33mresource\u001b[0m \u001b[38;5;37m\"aws_s3_bucket_server_side_encryption_configuration\"\u001b[0m \u001b[38;5;37m\"default\"\u001b[0m {",
"FirstCause": true,
"LastCause": false
},
I tried setting my TERM env var as well and it doesn't seem respected
export TERM=xterm-mono
Same with the color package's env var but again it doesn't seem to be respected
export NO_COLOR=true
I was able to remove the color from the non-json output using this from here but not from the json output
cat output | sed "s,\x1B\[[0-9;]*[a-zA-Z],,g"
@nitrocode JSON contains a Content
field which contains the source code without highlighting.
Wow I completely missed that lol. Thanks @nikpivkin
Last night I kind of went down the rabbit hole of why the colors were being outputted even though I could have simply used the Content
field in the json. Thanks again.
I was able to find a way to disable some of the coloring in iac, but it wasn't coming in from the fitah/color package.
It's actually coming from the alecthomas/chroma package.
The iac themes are set here
I set those themes to plaintext
and I no longer see color output in the code itself, only in these places. I hope this helps someone with more time write a pull request because a no-color option for other formats, besides json, would be very nice.
When output is saved into text files/CI logs color markers make it harder to rid
--no-color, and/or NO_COLOR would be nice to have