Closed jmreicha closed 1 year ago
Sounds interesting, not sure I completely follow? You mean having another hook that only reacts on the trivy.yaml?
If I'm understanding how everything works correctly, it would basically be another simple check. Something like the following would be the raw Docker command, which I think would map to pre-commit. I think if the config file were mounted in, then it should be able to read the trivy.yaml file.
This should work against any repo with a Dockerfile in it if you want to try testing.
# /src is the scan target: the current repo, mounted via -v $PWD:/src; the cache mount avoids re-downloading the policy bundle on every run
docker run -t --rm -v $PWD:/src -v /tmp/trivycache:/root/.cache/ aquasec/trivy conf /src
Potentially something like this in pre-commit?
- id: trivyconfig-docker
  name: trivyconfig-docker
  entry: aquasec/trivy:0.37.1 config --cache-dir /src/.pre-commit-trivy-cache
  language: docker_image
  pass_filenames: false
  # scan target; pre-commit mounts the repo at /src and uses it as the working directory
  args: ["."]
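For reference, here is how a consuming repository would wire up a hook like the one proposed above, together with the trivy.yaml that the hook would pick up because the repo is mounted at /src. This is an added example, not part of the original thread or of the pre-commit-trivy project: the `rev` value is a placeholder, the hook id `trivyconfig-docker` is the one proposed in the comment above, and the trivy.yaml keys assume Trivy's flat config-file format where each key mirrors a CLI flag (`--severity`, `--exit-code`).

```yaml
# .pre-commit-config.yaml (consumer side, added example)
repos:
  - repo: https://github.com/mxab/pre-commit-trivy
    rev: <tag-or-commit-placeholder>   # pin to a released tag of the hook repo
    hooks:
      - id: trivyconfig-docker
        # Optional: restrict the hook to IaC files so unrelated commits are not slowed down.
        # The hook itself scans the whole repo (pass_filenames: false); this only decides
        # whether the hook runs at all for a given commit.
        files: ^(Dockerfile|.*\.(tf|yaml|yml))$

# trivy.yaml at the repo root (added example, assumed flat flag-style keys)
# Trivy reads it from the working directory, which pre-commit sets to /src.
severity:
  - HIGH
  - CRITICAL
# Make the hook fail the commit when a misconfiguration at those severities is found;
# without a non-zero exit code the findings would only be printed.
exit-code: 1
```

The two documents above are separate files; they are shown in one block only for readability. With `exit-code: 1` the commit is blocked on HIGH/CRITICAL findings, while lower severities are still reported in the hook output but do not stop the commit.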
Sorry for responding so late. Could you create a PR?
I created an example repo as well, maybe you could create a showcase there too
Sure thing, will try to get around to it in the next few days here.
https://github.com/mxab/pre-commit-trivy/pull/7.
Will get a PR going in the example repo as well.
Nice, currently without my computer. Will look at it at the beginning of next week
Thank you :)
Created a new release
Nice, I will give it a test and update docs in the example repo.
Stumbled across this repo from a discussion in the Trivy repo regarding pre-commit hooks. Was wondering if you would be interested in adding support for the config flag, e.g. for scanning Dockerfiles and other IaC? I can create a PR to add it if so.