Open rochana-atapattu opened 5 months ago
If you want to ignore .terraform, I think you can use .trivyignore.
Hmm. The crash of reviewdog is an issue of reviewdog. But it's good for tfaction to handle the issue.
> If you want to ignore .terraform, I think you can use .trivyignore.

It would be nice to actually get issues related to the modules we depend on. I guess until trivy comes up with a solution I'll have to ignore the .terraform dir.

> Hmm. The crash of reviewdog is an issue of reviewdog. But it's good for tfaction to handle the issue.

Yeah, it can be confusing whether it's an issue with trivy or reviewdog otherwise.
Thank you for the feedback.
tfaction version
v1.4.0
Overview
I have noticed that when the trivy output is too long, reviewdog (I think) fails, crashing the pipeline. As a workaround I have added trivy.yaml, which helps sometimes but is not a good solution. Also, trivy scans modules/examples in the .terraform folder. This is especially annoying when using open source modules like gcp modules, where there could be multiple modules we don't use in the current config, and trivy scans and reports issues in them, producing a huge list of useful and useless information.
How to reproduce
main.tf
GitHub Actions' log
Expected behaviour
pipeline should pass
Actual behaviour
pipeline failure
Important Factoids
No response
Note
Most of the findings here are not necessary because I'm not using them in my config.
:x: Trivy error
Build link | trivy
Working Directory: modules/network