aquasecurity / trivy

Find vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more
https://aquasecurity.github.io/trivy
Apache License 2.0

feat(misconf): Improve logging experience when `--ignorefile` not found #7093

Open simar7 opened 3 weeks ago

simar7 commented 3 weeks ago

Discussed in https://github.com/aquasecurity/trivy/discussions/7089

Originally posted by **mdirkse** July 3, 2024

### Description

If an ignore file is specified using the `--ignorefile` flag and that file doesn't exist, Trivy does not produce any warning or error as a result of the misconfiguration.

### Desired Behavior

If I configure a `--ignorefile` flag and the file it points to doesn't exist, I expect Trivy to fail with a message that the file is missing or at the very least produce a clearly visible warning about the problem.

### Actual Behavior

The missing file is silently ignored and no indication is given of the misconfiguration.

### Reproduction Steps

1. Create an empty directory and, inside, create an empty `main.tf` file
2. Run trivy as follows from inside the directory: `trivy config --ignorefile non-existant.yaml . --debug`
3. Marvel as it totally ignores the fact that the ignorefile doesn't actually exist

### Target

AWS

### Scanner

Misconfiguration

### Output Format

Table

### Mode

Standalone

### Debug Output

```bash
2024-07-03T11:48:02+02:00 DEBUG Cache dir dir="/home/test/.cache/trivy"
2024-07-03T11:48:02+02:00 DEBUG Parsed severities severities=[UNKNOWN LOW MEDIUM HIGH CRITICAL]
2024-07-03T11:48:02+02:00 INFO Misconfiguration scanning is enabled
2024-07-03T11:48:02+02:00 DEBUG Policies successfully loaded from disk
2024-07-03T11:48:02+02:00 DEBUG Enabling misconfiguration scanners scanners=[azure-arm cloudformation dockerfile helm kubernetes terraform terraformplan-json terraformplan-snapshot]
2024-07-03T11:48:02+02:00 DEBUG Initializing scan cache... type="memory"
2024-07-03T11:48:02+02:00 DEBUG [nuget] The nuget packages directory couldn't be found. License search disabled
2024-07-03T11:48:02+02:00 DEBUG Scanning files for misconfigurations... scanner="Terraform"
2024-07-03T11:48:02+02:00 DEBUG [misconf] 48:02.334904436 terraform.scanner Scanning [&{%!s(*mapfs.file=&{ [] {. 256 2147484096 {13950292872129774449 462327134 0x794e200} } {{{0 0} {[] {} 0xc002bdf850} map[main.tf:0xc0026f3ec8] 0}}}) .}] at '.'...
2024-07-03T11:48:02+02:00 DEBUG [misconf] 48:02.337353926 terraform.scanner.rego Overriding filesystem for checks!
2024-07-03T11:48:02+02:00 DEBUG [misconf] 48:02.338226381 terraform.scanner.rego Loaded 3 embedded libraries.
2024-07-03T11:48:02+02:00 DEBUG [misconf] 48:02.386686920 terraform.scanner.rego Loaded 192 embedded policies.
2024-07-03T11:48:02+02:00 DEBUG [misconf] 48:02.443052531 terraform.scanner.rego Loaded 195 checks from disk.
2024-07-03T11:48:02+02:00 DEBUG [misconf] 48:02.443383089 terraform.scanner.rego Overriding filesystem for data!
2024-07-03T11:48:02+02:00 DEBUG [misconf] 48:02.741278207 terraform.parser. Setting project/module root to '.'
2024-07-03T11:48:02+02:00 DEBUG [misconf] 48:02.741304842 terraform.parser. Parsing FS from '.'
2024-07-03T11:48:02+02:00 DEBUG [misconf] 48:02.741321287 terraform.parser. Parsing 'main.tf'...
2024-07-03T11:48:02+02:00 DEBUG [misconf] 48:02.741444275 terraform.parser. Added file main.tf.
2024-07-03T11:48:02+02:00 DEBUG [misconf] 48:02.741538386 terraform.scanner Scanning root module '.'...
2024-07-03T11:48:02+02:00 DEBUG [misconf] 48:02.741546217 terraform.parser. Setting project/module root to '.'
2024-07-03T11:48:02+02:00 DEBUG [misconf] 48:02.741550273 terraform.parser. Parsing FS from '.'
2024-07-03T11:48:02+02:00 DEBUG [misconf] 48:02.741558717 terraform.parser. Parsing 'main.tf'...
2024-07-03T11:48:02+02:00 DEBUG [misconf] 48:02.741633986 terraform.parser. Added file main.tf.
2024-07-03T11:48:02+02:00 DEBUG [misconf] 48:02.741643240 terraform.parser. Evaluating module...
2024-07-03T11:48:02+02:00 DEBUG [misconf] 48:02.741704561 terraform.parser. Read 2 block(s) and 0 ignore(s) for module 'root' (1 file[s])...
2024-07-03T11:48:02+02:00 DEBUG [misconf] 48:02.741718458 terraform.parser. Added 0 variables from tfvars.
2024-07-03T11:48:02+02:00 DEBUG [misconf] 48:02.741762398 terraform.parser. Working directory for module evaluation is "/home/maarten/Desktop/test"
2024-07-03T11:48:02+02:00 DEBUG [misconf] 48:02.741813565 terraform.parser..evaluator Filesystem key is 'ec10d010430afa2aca76276b18b5e38ab5a53af5ee2f782377570c2e9b491235'
2024-07-03T11:48:02+02:00 DEBUG [misconf] 48:02.741820271 terraform.parser..evaluator Starting module evaluation...
2024-07-03T11:48:02+02:00 DEBUG [misconf] 48:02.741860521 terraform.parser..evaluator Starting submodule evaluation...
2024-07-03T11:48:02+02:00 DEBUG [misconf] 48:02.741866442 terraform.parser..evaluator All submodules are evaluated at i=0
2024-07-03T11:48:02+02:00 DEBUG [misconf] 48:02.741870937 terraform.parser..evaluator Starting post-submodule evaluation...
2024-07-03T11:48:02+02:00 DEBUG [misconf] 48:02.741902687 terraform.parser..evaluator Finished processing 0 submodule(s).
2024-07-03T11:48:02+02:00 DEBUG [misconf] 48:02.741907769 terraform.parser..evaluator Module evaluation complete.
2024-07-03T11:48:02+02:00 DEBUG [misconf] 48:02.741912898 terraform.parser. Finished parsing module 'root'.
2024-07-03T11:48:02+02:00 DEBUG [misconf] 48:02.741920009 terraform.executor Adapting modules...
2024-07-03T11:48:02+02:00 DEBUG [misconf] 48:02.742114368 terraform.executor Adapted 1 module(s) into defsec state data.
2024-07-03T11:48:02+02:00 DEBUG [misconf] 48:02.742122027 terraform.executor Using max routines of 11
2024-07-03T11:48:02+02:00 DEBUG [misconf] 48:02.742202835 terraform.executor Initialized 487 rule(s).
2024-07-03T11:48:02+02:00 DEBUG [misconf] 48:02.742208659 terraform.executor Created pool with 11 worker(s) to apply rules.
2024-07-03T11:48:02+02:00 DEBUG [misconf] 48:02.742856975 terraform.scanner.rego Scanning 1 inputs...
2024-07-03T11:48:02+02:00 DEBUG [misconf] 48:02.744454344 terraform.executor Finished applying rules.
2024-07-03T11:48:02+02:00 DEBUG [misconf] 48:02.744469334 terraform.executor Applying ignores...
2024-07-03T11:48:02+02:00 DEBUG OS is not detected.
2024-07-03T11:48:02+02:00 INFO Detected config files num=1
2024-07-03T11:48:02+02:00 DEBUG Scanned config file path="."
```

### Operating System

Linux

### Version

```bash
Version: 0.53.0
Check Bundle:
  Digest: sha256:ef2d9ad4fce0f933b20a662004d7e55bf200987c180e7f2cd531af631f408bb3
  DownloadedAt: 2024-07-02 09:48:31.364978325 +0000 UTC
```

### Checklist

- [X] Run `trivy clean --all`
- [X] Read [the troubleshooting](https://aquasecurity.github.io/trivy/latest/docs/references/troubleshooting/)
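The behaviour the report asks for, written here as an added Go example (not Trivy's own code): an ignore-file loader that tolerates a missing default file but returns an error for a missing path given via `--ignorefile`, instead of skipping it silently. `ErrIgnoreFileMissing`, `parseIgnoreLines` and `loadIgnoreFile` are hypothetical names, and the `.trivyignore`-style format (one ID per line, `#` comments) is assumed.

```go
package main

import (
	"bufio"
	"errors"
	"fmt"
	"io"
	"os"
	"strings"
)

// ErrIgnoreFileMissing marks an explicitly configured ignore file that does
// not exist. Hypothetical name for this example; not part of Trivy.
var ErrIgnoreFileMissing = errors.New("ignore file not found")

// parseIgnoreLines reads a .trivyignore-style list (assumed format): one ID
// per line, blank lines and "#" comments skipped.
func parseIgnoreLines(r io.Reader) ([]string, error) {
	var ids []string
	sc := bufio.NewScanner(r)
	for sc.Scan() {
		line := strings.TrimSpace(sc.Text())
		if i := strings.IndexByte(line, '#'); i >= 0 {
			line = strings.TrimSpace(line[:i])
		}
		if line != "" {
			ids = append(ids, line)
		}
	}
	return ids, sc.Err()
}

// loadIgnoreFile opens and parses path. explicit reports whether the user
// passed the path via --ignorefile: an absent default file is fine, but an
// absent explicit file is a misconfiguration and must be reported, not skipped.
func loadIgnoreFile(path string, explicit bool) ([]string, error) {
	f, err := os.Open(path)
	switch {
	case err == nil:
		defer f.Close()
		return parseIgnoreLines(f)
	case errors.Is(err, os.ErrNotExist) && !explicit:
		return nil, nil // default location, nothing to ignore
	case errors.Is(err, os.ErrNotExist):
		return nil, fmt.Errorf("%w: %q (set via --ignorefile)", ErrIgnoreFileMissing, path)
	default:
		return nil, err
	}
}
```

Calling `loadIgnoreFile("non-existant.yaml", true)` reproduces the reported situation and yields an error the CLI can print and exit on, while `loadIgnoreFile(".trivyignore", false)` stays silent when the default file is simply absent.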