From 2a2157eb22c08c9a1fac99263430307b8d1bc7a2 Mon Sep 17 00:00:00 2001
From: rahul2393
Date: Thu, 11 Nov 2021 02:41:56 +0530
Subject: [PATCH] chore: Include skip options other than severity filter option when building SARIF report. (#79)
---
 entrypoint.sh | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)
diff --git a/entrypoint.sh b/entrypoint.sh
index 4e9a751..d228136 100755
--- a/entrypoint.sh
+++ b/entrypoint.sh
@@ -70,6 +70,7 @@ if [ $cacheDir ];then
 GLOBAL_ARGS="$GLOBAL_ARGS --cache-dir $cacheDir"
 fi
+SARIF_ARGS=""
 ARGS=""
 if [ $format ];then
 ARGS="$ARGS --format $format"
@@ -82,9 +83,11 @@ if [ $exitCode ];then
 fi
 if [ "$ignoreUnfixed" == "true" ] && [ "$scanType" != "config" ];then
 ARGS="$ARGS --ignore-unfixed"
+ SARIF_ARGS="$SARIF_ARGS --ignore-unfixed"
 fi
 if [ $vulnType ] && [ "$scanType" != "config" ];then
 ARGS="$ARGS --vuln-type $vulnType"
+ SARIF_ARGS="$SARIF_ARGS --vuln-type $vulnType"
 fi
 if [ $severity ];then
 ARGS="$ARGS --severity $severity"
@@ -96,6 +99,7 @@ if [ $skipDirs ];then
 for i in $(echo $skipDirs | tr "," "\n")
 do
 ARGS="$ARGS --skip-dirs $i"
+ SARIF_ARGS="$SARIF_ARGS --skip-dirs $i"
 done
 fi
 if [ $timeout ];then
@@ -103,6 +107,7 @@ if [ $timeout ];then
 fi
 if [ $ignorePolicy ];then
 ARGS="$ARGS --ignore-policy $ignorePolicy"
+ SARIF_ARGS="$SARIF_ARGS --ignore-policy $ignorePolicy"
 fi
 if [ "$hideProgress" == "true" ];then
 ARGS="$ARGS --no-progress"
@@ -117,8 +122,8 @@ returnCode=$?
 # regardless of severity level specified in this report.
 # This is a feature, not a bug :)
 if [[ ${template} == *"sarif"* ]]; then
- echo "Building SARIF report"
- trivy --quiet ${scanType} --format template --template ${template} --output ${output} ${artifactRef}
+ echo "Building SARIF report with options: ${SARIF_ARGS}" "${artifactRef}"
+ trivy --quiet ${scanType} --format template --template ${template} --output ${output} $SARIF_ARGS ${artifactRef}
 fi
 exit $returnCode
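Review bot: `SARIF_ARGS` is built as a flat string and later expanded unquoted, so any input value containing whitespace or glob characters (`vulnType`, each `skipDirs` entry, `ignorePolicy`) is re-split by the shell and can reach the SARIF run as extra or altered trivy options. The variable is initialised in the first hunk, appended to in the `--ignore-unfixed`/`--vuln-type`, `--skip-dirs` and `--ignore-policy` hunks, and consumed in the last one; the existing `ARGS` string has the same weakness, but this commit copies it into the run that produces the uploaded report. The script already uses `[[ ]]`, so it presumably runs under bash, where an array keeps each value as a single word. The surrounding `if` blocks start and end outside these hunks.

```shell
SARIF_ARGS=()
# … unchanged: ARGS="" and the --format / --template / --exit-code handling …
  SARIF_ARGS+=(--ignore-unfixed)
# … unchanged: vulnType condition and ARGS line …
  SARIF_ARGS+=(--vuln-type "$vulnType")
# … unchanged: skipDirs loop header and ARGS line …
  SARIF_ARGS+=(--skip-dirs "$i")
# … unchanged: ignorePolicy condition and ARGS line …
  SARIF_ARGS+=(--ignore-policy "$ignorePolicy")
# … unchanged: first trivy run and returnCode capture …
  echo "Building SARIF report with options: ${SARIF_ARGS[*]}" "${artifactRef}"
  trivy --quiet ${scanType} --format template --template ${template} --output ${output} "${SARIF_ARGS[@]}" ${artifactRef}
```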
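Review bot: The exit status of the second `trivy` call in the last hunk is still discarded, because the script finishes with `exit $returnCode`, which holds the status of the earlier scan. This run is not given `--exit-code`, so a non-zero status here should mean that report generation itself failed. Now that user-supplied options are forwarded to it, a failure would leave a missing or stale `${output}` while the step reports only the first scan's result. Consider appending `|| { echo "SARIF report generation failed" >&2; exit 1; }` to the `trivy ... $SARIF_ARGS ${artifactRef}` line so that an incomplete report does not pass silently.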