trivy@1 failing with invalid argument "vuln,misconfig,secret" for "--scanners" #72

Open
JLoayza93 opened this issue Jul 25, 2024 · 5 comments

Comments

@JLoayza93

Yesterday the Azure DevOps Task trivy@1 had a change in code and stopped working. The check is still the same, we did not change anything. Before we had the following result in our pipeline:

/tmp/trivy fs --exit-code 0 --format json --output /tmp/trivy-results-0.824611976658125.json --security-checks vuln,config,secret --severity CRITICAL,HIGH,MEDIUM,LOW,UNKNOWN /agent/_work/4/s/app-repo
2024-07-23T15:56:32.635Z WARN '--security-checks' is deprecated. Use '--scanners' instead.

After the change it is:

/tmp/trivy fs --exit-code 0 --format json --output /tmp/trivy-results-0.6645658262895782.json --severity CRITICAL,HIGH,MEDIUM,LOW,UNKNOWN --scanners vuln,misconfig,secret /agent/_work/4/s/app-repo
Scan local filesystem
2024-07-25T05:27:26.919Z FATAL invalid argument "vuln,misconfig,secret" for "--scanners" flag: must be one of ["vuln" "config" "secret" "license"]
Usage:
trivy filesystem [flags] PATH

First the Scanners Error impacted us, but after this part was fixed, we still have a problem with the arguments.
aquasecurity/trivy#3762

Our YML task is set up like this:

  - task: trivy@1
    displayName: Trivy - Scan Repo
    inputs:
      version: v0.45.1
      docker: false
      severities: CRITICAL,HIGH,MEDIUM,LOW,UNKNOWN
      path: ${{ parameters.scanSourcesPath }}
      exitCode: 0

@cjbush

cjbush commented Jul 25, 2024

Also seeing this problem.

@tahmim-shibli

We are also seeing the same problem.

@simonhillairetsrai

In my case I removed the explicit version of Trivy to use the latest (I was also using version 0.45.1 explicitly). After that the task was successful.

@cjbush

cjbush commented Jul 31, 2024

> In my case I removed the explicit version of Trivy to use the latest (I was also using version 0.45.1 explicitly). After that the task was successful.

@simonhillairetsrai That worked in our case too, but we have dozens of pipelines specifically referencing that version of trivy. It's going to be a royal PITA to have to change all of them.

cjbush pushed a commit to cjbush/trivy-azure-pipelines-task that referenced this issue Jul 31, 2024
…kwards compatible with previous version of trivy

@cjbush

cjbush commented Jul 31, 2024

I put up a PR that I think should fix this. I welcome any feedback on it.
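
The two log excerpts in this issue show the pinned Trivy v0.45.1 accepting `config` where the updated task passes `misconfig`. The sketch below is an added example, not part of the thread and not code from the task or from the PR mentioned above: it reads the accepted scanner names out of Trivy's own error line and rewrites the `--scanners` value, refusing to continue if a requested scanner has no accepted equivalent. The function names and the alias table are assumptions made for illustration.

```javascript
// Added example; hypothetical helper names, not the task's implementation.
// Alias groups: names that refer to the same scanner across Trivy releases.
// Only the config/misconfig pair is taken from the logs in this issue.
const ALIASES = [["config", "misconfig"]];

// Pull the accepted scanner names out of Trivy's FATAL line, e.g.
//   ... for "--scanners" flag: must be one of ["vuln" "config" "secret" "license"]
// Returns null when the error is about something else.
function allowedScannersFromError(stderr) {
  const m = /for "--scanners" flag: must be one of \[([^\]]*)\]/.exec(stderr);
  if (!m) return null;
  return Array.from(m[1].matchAll(/"([^"]+)"/g), (x) => x[1]);
}

// Map each requested scanner to the spelling this binary accepts.
// Throws instead of dropping a scanner, so a pinned pipeline never
// loses misconfiguration or secret scanning without anyone noticing.
function adaptScanners(requested, allowed) {
  return requested.map((name) => {
    if (allowed.includes(name)) return name;
    const group = ALIASES.find((g) => g.includes(name));
    const alt = group && group.find((n) => allowed.includes(n));
    if (!alt) {
      throw new Error(`scanner "${name}" is not supported by this Trivy binary`);
    }
    return alt;
  });
}

// Build the arguments for a retry after a failed run.
function retryArgs(requested, stderr) {
  const allowed = allowedScannersFromError(stderr);
  if (allowed === null) return null; // unrelated failure: do not retry
  return ["--scanners", adaptScanners(requested, allowed).join(",")];
}

// Sample input: the FATAL line quoted in the issue above.
const SAMPLE_STDERR =
  '2024-07-25T05:27:26.919Z FATAL invalid argument "vuln,misconfig,secret" ' +
  'for "--scanners" flag: must be one of ["vuln" "config" "secret" "license"]';

if (typeof require !== "undefined" && require.main === module) {
  console.log(retryArgs(["vuln", "misconfig", "secret"], SAMPLE_STDERR));
}
```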
