aquasecurity / trivy

Find vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more
https://aquasecurity.github.io/trivy
Apache License 2.0

feat(logging): Add warning in case missing config file #7028

Open simar7 opened 1 week ago

simar7 commented 1 week ago

Discussed in https://github.com/aquasecurity/trivy/discussions/7025

Originally posted by **rkm** June 26, 2024

### Description

Trivy does not produce any error or warning when `--config` specifies a file that does not exist.

### Desired Behavior

Trivy should error when the specified config file is missing since this can contain settings which affect the scan output.

### Actual Behavior

The config is silently ignored and the scan proceeds normally.

### Reproduction Steps

1. Run Trivy and observe the output:

```bash
docker run \
  --rm \
  -v /var/run/docker.sock:/var/run/docker.sock \
  -v $HOME/.cache/trivy:/root/.cache \
  -v "$(pwd)":/repo \
  ghcr.io/aquasecurity/trivy:0.52.2 \
  image \
  --config /repo/not-a-file \
  --debug \
  debian:12-slim
```

### Target

Container Image

### Scanner

Vulnerability

### Output Format

Table

### Mode

Standalone

### Debug Output

```bash
2024-06-26T14:51:32Z DEBUG Parsed severities severities=[UNKNOWN LOW MEDIUM HIGH CRITICAL]
2024-06-26T14:51:32Z DEBUG Ignore statuses statuses=[]
2024-06-26T14:51:32Z DEBUG Cache dir dir="/root/.cache/trivy"
2024-06-26T14:51:32Z DEBUG DB update was skipped because the local DB is the latest
2024-06-26T14:51:32Z DEBUG DB info schema=2 updated_at=2024-06-26T12:13:29.845304436Z next_update=2024-06-26T18:13:29.845304285Z downloaded_at=2024-06-26T14:40:58.687229989Z
2024-06-26T14:51:32Z INFO Vulnerability scanning is enabled
2024-06-26T14:51:32Z DEBUG Vulnerability type type=[os library]
2024-06-26T14:51:32Z INFO Secret scanning is enabled
2024-06-26T14:51:32Z INFO If your scanning is slow, please try '--scanners vuln' to disable secret scanning
2024-06-26T14:51:32Z INFO Please see also https://aquasecurity.github.io/trivy/v0.52/docs/scanner/secret/#recommendation for faster secret detection
2024-06-26T14:51:32Z DEBUG Enabling misconfiguration scanners scanners=[azure-arm cloudformation dockerfile helm kubernetes terraform terraformplan-json terraformplan-snapshot]
2024-06-26T14:51:33Z DEBUG [secret] No secret config detected config_path="trivy-secret.yaml"
2024-06-26T14:51:33Z DEBUG [nuget] The nuget packages directory couldn't be found. License search disabled
2024-06-26T14:51:33Z DEBUG [secret] No secret config detected config_path="trivy-secret.yaml"
2024-06-26T14:51:34Z DEBUG [image] Detected image ID image_id="sha256:46a63b82e4145c5eb93ce87cb6b3e6eeb89a4318b848b8e44a2ea029ccfdc157"
2024-06-26T14:51:34Z DEBUG [image] Detected diff ID diff_ids=[sha256:1387079e86adf524e7e92bada71d261d9ff58f34409751ab36560385262a8386]
2024-06-26T14:51:34Z DEBUG [image] Detected base layers diff_ids=[]
2024-06-26T14:51:34Z INFO Detected OS family="debian" version="12.5"
2024-06-26T14:51:34Z INFO [debian] Detecting vulnerabilities... os_version="12" pkg_num=88
2024-06-26T14:51:34Z INFO Number of language-specific files num=0

debian:12-slim (debian 12.5)
...
```

### Operating System

Rocky Linux 9.4

### Version

```bash
0.52.2
```

### Checklist

- [ ] Run `trivy clean --all`
- [X] Read [the troubleshooting](https://aquasecurity.github.io/trivy/latest/docs/references/troubleshooting/)
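
A pre-flight guard for pipelines exposed to the behaviour reported above, added here as an example and not part of the issue or of Trivy's code: it refuses to start a scan when the file named by `--config` is absent, so a mistyped path cannot silently fall back to default settings. The function names are hypothetical; it assumes the `--config PATH`, `--config=PATH` and `-c PATH` spellings, and checks the path as seen by the shell that runs it (for the `docker run` reproduction, that is the host-side path of the mounted file).

```bash
#!/usr/bin/env bash
# Added example (hypothetical helper names, not Trivy code).

# Print the config path named in a Trivy argument list.
# Returns 1 when no --config / -c flag is present at all.
trivy_config_arg() {
  local prev="" arg
  for arg in "$@"; do
    case "$prev" in
      --config|-c) printf '%s\n' "$arg"; return 0 ;;
    esac
    case "$arg" in
      --config=*) printf '%s\n' "${arg#--config=}"; return 0 ;;
    esac
    prev="$arg"
  done
  # Flag given as the last argument with no value: report an empty path
  # so the caller treats it as a missing file rather than "no config".
  case "$prev" in
    --config|-c) printf '\n'; return 0 ;;
  esac
  return 1
}

# Return 0 when no explicit config is requested or the file is readable,
# 2 (with a message on stderr) when the requested file cannot be used.
check_trivy_config() {
  local cfg
  if ! cfg="$(trivy_config_arg "$@")"; then
    return 0  # nothing explicit to verify; Trivy's defaults apply
  fi
  if [ ! -f "$cfg" ] || [ ! -r "$cfg" ]; then
    printf 'error: config file "%s" is missing or unreadable; refusing to scan\n' "$cfg" >&2
    return 2
  fi
  return 0
}

# Guarded invocation: run trivy only if the explicit config is usable.
safe_trivy() {
  check_trivy_config "$@" || return $?
  trivy "$@"
}
```

Calling `safe_trivy image --config ./trivy.yaml debian:12-slim` in a CI job makes a missing config a failed step instead of a scan that ran without the intended settings.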