feat(terraform) adding trivy:ignore for tf scans to align with trivy #1188

Merged
merged 5 commits into from
Feb 27, 2023

@giorod3 giorod3 commented Feb 17, 2023

Aligning with trivy to allow inline ignores using trivy:ignore.

@giorod3 giorod3 requested a review from simar7 as a code owner February 17, 2023 22:17
Comment on lines +69 to +86
func Test_TrivyOptionWithAlternativeIDProvider(t *testing.T) {
reg := rules.Register(alwaysFailRule, nil)
defer rules.Deregister(reg)

options := []options.ScannerOption{
ScannerWithAlternativeIDProvider(func(s string) []string {
return []string{"something", "altid", "blah"}
}),
}
results := scanWithOptions(t, `
//trivy:ignore:altid
resource "something" "else" {}
`, options...)
require.Len(t, results.GetFailed(), 0)
require.Len(t, results.GetIgnored(), 1)

}
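Review bot: In Test_TrivyOptionWithAlternativeIDProvider the function passed to ScannerWithAlternativeIDProvider returns the same three IDs whatever `s` is, and the only input is `//trivy:ignore:altid`, so the test would still pass if the ignore suppressed every ID. Add a negative case, for example an ignore whose ID is not in the returned list, asserting that the result is reported as failed rather than ignored. The blank line before the closing brace can also go.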

@simar7 simar7 Feb 20, 2023


As most of the other inputs are the same, can we make this into a table-driven test instead? So something like:

    testCases := []struct {
        name         string
        inputOptions string
    }{
        {name: "tfsec", inputOptions: "..."},
    }

then you can iterate over them as inputs:

    for _, tc := range testCases {
        t.Run(...)
    }

@@ -0,0 +1,393 @@
package test

Likewise with this file as well. ignore_test.go could include all the ignores, trivy and tfsec as test inputs for each of the existing tests within ignore_test.go.
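
A self-contained sketch of the table-driven approach suggested in the two review comments above, added here as an example and not code from this pull request or the project: one table of cases is run once per marker, including negative cases. `isIgnored`, `failingCases`, the comment-parsing rules and the rule ID `AVD-TEST-0001` are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"strings"
)

var markers = []string{"tfsec:ignore:", "trivy:ignore:"} // treated identically here

// isIgnored reports whether a comment line suppresses ruleID or an ID from altIDs (non-nil, hypothetical).
func isIgnored(line, ruleID string, altIDs func(string) []string) bool {
	line = strings.TrimSpace(line)
	if !strings.HasPrefix(line, "//") && !strings.HasPrefix(line, "#") {
		return false // only a comment can carry an ignore
	}
	accepted := map[string]bool{ruleID: true}
	for _, id := range altIDs(ruleID) {
		accepted[id] = true
	}
	for _, field := range strings.Fields(strings.TrimLeft(line, "/# ")) {
		for _, m := range markers {
			if strings.HasPrefix(field, m) && accepted[strings.TrimPrefix(field, m)] {
				return true
			}
		}
	}
	return false
}

// failingCases runs every case once per marker and returns the mismatches.
func failingCases() []string {
	alt := func(string) []string { return []string{"something", "altid", "blah"} }
	cases := []struct{ name, lead, id string; want bool }{
		{"rule id", "//", "AVD-TEST-0001", true}, // constructed rule ID
		{"alternative id", "# ", "altid", true},
		{"unknown id", "//", "other", false},
		{"marker outside a comment", "", "altid", false},
	}
	var failed []string
	for _, m := range markers {
		for _, tc := range cases {
			if isIgnored(tc.lead+m+tc.id, "AVD-TEST-0001", alt) != tc.want {
				failed = append(failed, m+" "+tc.name)
			}
		}
	}
	return failed
}

func main() { fmt.Println("failing cases:", failingCases()) }
```

The "unknown id" and "marker outside a comment" rows are the ones that catch an ignore matcher that suppresses more than it should.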


giorod3 commented Feb 27, 2023

@simar7 I made the changes we discussed. Please review and merge if all looks good.

@simar7 simar7 force-pushed the feature/adding-trivy-ignore-for-tf-files branch from 076100f to 46ad24d Compare February 27, 2023 22:56
@simar7 simar7 self-requested a review February 27, 2023 23:24
@simar7 simar7 merged commit a964721 into master Feb 27, 2023
@simar7 simar7 deleted the feature/adding-trivy-ignore-for-tf-files branch February 27, 2023 23:24