Fix trivy entrypoint command #123
Conversation
|
🙏 |
| const trivyOptions: ExecOptions = await getTrivyExecOptions(); | ||
| console.log(`Scanning for vulnerabilties in image: ${imageName}`); | ||
| const trivyToolRunner = new ToolRunner(trivyPath, [imageName], trivyOptions); | ||
| const trivyToolRunner = new ToolRunner(trivyPath, [trivyCommand, imageName], trivyOptions); |
There was a problem hiding this comment.
I'm wondering if we need to add an additional check before adding the command here in case an older version of trivy is downloaded. There is a hard coded version of trivy that the code defaults to here:
https://github.com/Azure/container-scan/blob/master/src/trivyHelper.ts#L288, and here: https://github.com/Azure/container-scan/blob/master/src/trivyHelper.ts#L17, if the code is not able to determine a version number from the latest tag.
Maybe it would be worth removing, or updating the stable version number?
There was a problem hiding this comment.
Good catch! Trivy stable version has been updated to v0.22.0.
|
Can I help? I'd like to get builds running again. |
|
Yeah, currently builds are impacted. Do we know when this fix be available? |
|
@koushdey - would you be able to review/approve this PR? (sorry for being pushy but this action is currently broken and needs a fix ASAP.) |
|
@ajinkya599 it looks like you recently contributed to this repo. Any chance you can help out? |
|
Bump! @shigupt202 @microsoftopensource Can we get approval of this or #125 to remedy this regression? Actions are failing across GitHub since
|
koushdey
left a comment
koushdey
left a comment
There was a problem hiding this comment.
LGTM. Thanks for raising the PR.
* Fix trivy entrypoint command to scan image * Bump stable Trivy version to v0.22.0
8 participants
Trivy v0.23.0 removed the deprecated root command for
trivy [image-name]. The old command has been replaced bytrivy image [command options] image_name.Fixes #122