Open MichaelMorozovCodit opened 3 months ago
In the second run does it just fail or does it also print out the vulnerabilities and you just omitted them?
Does it work if you run `trivy fs --skip-dirs ./tests .` directly?
It just fails, no report. The output above is the exact output I receive in the terminal of my IDE, so no, no report. Before I tried this hook, I was running trivy as a custom script I inserted in the `pre-commit` file of the `.git` folder, and it worked as expected.
ok, there is also the other message: `files were modified by this hook`. Is the pre-commit hook maybe "failing" because of a modified file? Not sure which one this could be, but the error message would hint at something like that.
Well that's the thing, idk if your hook automatically edits files? If yes, the issue must lie there. If not, I wouldn't know where this message would come from. As I said, running a custom trivy script in the `pre-commit` file gives no problems. This script looks like this:
```sh
#!/bin/sh
# Custom .git/hooks/pre-commit script: run a trivy scan of the repository if trivy is on PATH.
if ! command -v trivy >/dev/null 2>&1; then
    echo "trivy not installed, run trivy_install.ps1 or install trivy manually and add to path."
else
    echo "Running trivy scan..."
    trivy repo ./
fi
```
The only file that would "change" is the `.pre-commit-trivy-cache`. Do you see this modified after the failed run? I would assume that this is in the gitignore part and should therefore be ignored?
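One way to check that hypothesis is to compare `git status --porcelain --ignored` snapshots taken before and after the hook runs and see whether the cache directory shows up as untracked rather than ignored. The script below is an added example written for this thread, not code from the hook project; the snapshots it parses are constructed sample output, not the reporter's actual output.

```python
"""Diagnose what a pre-commit hook changed in the working tree.

pre-commit reports "files were modified by this hook" when the working tree
differs after the hook ran. Comparing two `git status --porcelain --ignored`
snapshots shows which paths changed and whether an untracked directory such as
the hook's cache is being picked up instead of ignored.
"""


def parse_porcelain(text):
    """Map path -> two-character status code from `git status --porcelain` output."""
    entries = {}
    for line in text.splitlines():
        if len(line) < 4:
            continue
        code, path = line[:2], line[3:]
        # Renames are shown as "old -> new"; keep the new name.
        if " -> " in path:
            path = path.split(" -> ", 1)[1]
        entries[path] = code
    return entries


def hook_modified_paths(before, after):
    """Paths whose status changed between the snapshots (what pre-commit complains about)."""
    b, a = parse_porcelain(before), parse_porcelain(after)
    return sorted(p for p in set(b) | set(a) if b.get(p) != a.get(p))


def unignored_cache_paths(after, cache_dir=".pre-commit-trivy-cache"):
    """Cache entries git reports as untracked or modified instead of ignored ('!!')."""
    a = parse_porcelain(after)
    return sorted(p for p, code in a.items() if p.startswith(cache_dir) and code != "!!")


# Constructed sample snapshots (not real output): one staged file, then the hook wrote its cache.
BEFORE = "A  src/app.py\n"
AFTER = "A  src/app.py\n?? .pre-commit-trivy-cache/\n"

if __name__ == "__main__":
    print(hook_modified_paths(BEFORE, AFTER))  # ['.pre-commit-trivy-cache/']
    print(unignored_cache_paths(AFTER))  # ['.pre-commit-trivy-cache/']
```

If the cache directory is listed with `??` rather than `!!`, it is not covered by `.gitignore` and explains the "files were modified" failure.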
Finding returns the following:

To ignore these findings I add these to the `.trivyignore`:

Executing `git add -A` and then `git commit -m "message"` returns a failed test but no findings:

Adding the detected vulnerabilities should return a `Passed` test.

`.pre-commit-config` looks like this for `pre-commit-trivy`:

Running on Windows 11.