mxab / pre-commit-trivy

MIT License

Hook for linting IaC configs? #6

Closed jmreicha closed 1 year ago

jmreicha commented 1 year ago

Stumbled across this repo from a discussion in the Trivy repo regarding pre-commit hooks. Was wondering if you would be interested in adding support for the config flag for e.g. scanning Dockerfiles and other IaC? I can create a PR to add it if so.

mxab commented 1 year ago

Sounds interesting, not sure I completely follow? You mean having another hook that only reacts to the trivy.yaml?

jmreicha commented 1 year ago

If I'm understanding how everything works correctly, it would basically be another simple check. Something like the following would be the raw Docker command, which I think would map to pre-commit. I think if the config file were mounted in then it should be able to read the trivy.yaml file.

This should work against any repo with a Dockerfile in it if you want to try testing.

docker run -t --rm -v $PWD:/src -v /tmp/trivycache:/root/.cache/ aquasec/trivy conf

Potentially something like this in pre-commit?

- id: trivyconfig-docker
  name: trivyconfig-docker
  entry: aquasec/trivy:0.37.1 config --cache-dir /src/.pre-commit-trivy-cache
  language: docker_image
  pass_filenames: false
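
How a consuming repository would wire up a hook like the one sketched above, as an added illustration (not a snippet from this thread or from the project's own docs). The repo URL and hook id come from the thread; the `rev` value is a placeholder, since the thread does not name the release tag. With `language: docker_image`, pre-commit mounts the repository at `/src` inside the container and runs the command there, which is why the cache path under `/src` and a `trivy.yaml` in the repo root are both visible to the scan:

```yaml
# .pre-commit-config.yaml in the repo being scanned (added example, not from the project)
repos:
  - repo: https://github.com/mxab/pre-commit-trivy
    rev: <release tag>   # placeholder: pin to a real tag of the hook repo
    hooks:
      # Misconfiguration scan of Dockerfiles, Kubernetes manifests, Terraform, etc.
      # pass_filenames is false in the hook definition, so the whole repo
      # (mounted at /src by pre-commit) is scanned regardless of staged files.
      - id: trivyconfig-docker
        # Optional: extra CLI args appended after the hook's entry.
        # Failing only on HIGH/CRITICAL keeps the hook from blocking on noise;
        # --exit-code 1 makes the commit fail when findings remain.
        args: ["--severity", "HIGH,CRITICAL", "--exit-code", "1", "."]
```

Because the scan target is `.` relative to `/src`, a `.trivyignore` or `trivy.yaml` committed at the repository root is picked up by the container run without any extra volume mount.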

mxab commented 1 year ago

Sorry for responding so late. Could you create a PR?

I created an example repo as well; maybe you could create a showcase there too.

jmreicha commented 1 year ago

Sure thing, will try to get around to it in the next few days here.

jmreicha commented 1 year ago

https://github.com/mxab/pre-commit-trivy/pull/7.

Will get a PR going in the example repo as well.

mxab commented 1 year ago

Nice, currently without my computer. Will look at it at the beginning of next week.

mxab commented 1 year ago

Thank you :)

Created a new release

jmreicha commented 1 year ago

Nice, I will give it a test and update docs in the example repo.