Originally posted by **rkm** June 26, 2024
### Description
Trivy does not produce any error or warning when `--config` specifies a file that does not exist.
### Desired Behavior
Trivy should error when the specified config file is missing since this can contain settings which affect the scan output.
### Actual Behavior
The config is silently ignored and the scan proceeds normally.
### Reproduction Steps
1. Run Trivy and observe the output:
```bash
docker run \
--rm \
-v /var/run/docker.sock:/var/run/docker.sock \
-v $HOME/.cache/trivy:/root/.cache \
-v "$(pwd)":/repo \
ghcr.io/aquasecurity/trivy:0.52.2 \
image \
--config /repo/not-a-file \
--debug \
debian:12-slim
```
### Target
Container Image
### Scanner
Vulnerability
### Output Format
Table
### Mode
Standalone
### Debug Output
```bash
2024-06-26T14:51:32Z DEBUG Parsed severities severities=[UNKNOWN LOW MEDIUM HIGH CRITICAL] 2024-06-26T14:51:32Z DEBUG Ignore statuses statuses=[]
2024-06-26T14:51:32Z DEBUG Cache dir dir="/root/.cache/trivy"
2024-06-26T14:51:32Z DEBUG DB update was skipped because the local DB is the latest
2024-06-26T14:51:32Z DEBUG DB info schema=2 updated_at=2024-06-26T12:13:29.845304436Z next_update=2024-06-26T18:13:29.845304285Z downloaded_at=2024-06-26T14:40:58.687229989Z 2024-06-26T14:51:32Z INFO Vulnerability scanning is enabled
2024-06-26T14:51:32Z DEBUG Vulnerability type type=[os library]
2024-06-26T14:51:32Z INFO Secret scanning is enabled
2024-06-26T14:51:32Z INFO If your scanning is slow, please try '--scanners vuln' to disable secret scanning
2024-06-26T14:51:32Z INFO Please see also https://aquasecurity.github.io/trivy/v0.52/docs/scanner/secret/#recommendation for faster secret detection 2024-06-26T14:51:32Z DEBUG Enabling misconfiguration scanners scanners=[azure-arm cloudformation dockerfile helm kubernetes terraform terraformplan-json terraformplan-snapshot] 2024-06-26T14:51:33Z DEBUG [secret] No secret config detected config_path="trivy-secret.yaml"
2024-06-26T14:51:33Z DEBUG [nuget] The nuget packages directory couldn't be found. License search disabled
2024-06-26T14:51:33Z DEBUG [secret] No secret config detected config_path="trivy-secret.yaml"
2024-06-26T14:51:34Z DEBUG [image] Detected image ID image_id="sha256:46a63b82e4145c5eb93ce87cb6b3e6eeb89a4318b848b8e44a2ea029ccfdc157" 2024-06-26T14:51:34Z DEBUG [image] Detected diff ID diff_ids=[sha256:1387079e86adf524e7e92bada71d261d9ff58f34409751ab36560385262a8386] 2024-06-26T14:51:34Z DEBUG [image] Detected base layers diff_ids=[]
2024-06-26T14:51:34Z INFO Detected OS family="debian" version="12.5"
2024-06-26T14:51:34Z INFO [debian] Detecting vulnerabilities... os_version="12" pkg_num=88
2024-06-26T14:51:34Z INFO Number of language-specific files num=0
debian:12-slim (debian 12.5)
...
```
### Operating System
Rocky Linux 9.4
### Version
```bash
0.52.2
```
### Checklist
- [ ] Run `trivy clean --all`
- [X] Read [the troubleshooting](https://aquasecurity.github.io/trivy/latest/docs/references/troubleshooting/)
Discussed in https://github.com/aquasecurity/trivy/discussions/7025