feat: trivy should not fail if one rego policy fails #4183
Assignees
Labels
kind/feature
Categorizes issue or PR as related to a new feature.
priority/backlog
Higher priority than priority/awaiting-more-evidence.
scan/misconfiguration
Issues relating to misconfiguration scanning
Comments
simar7
added
the
kind/feature
knqyf263
added
priority/backlog
|
Related discussion as this pertains more to the behaviour OPA has when a rego policy fails during compile phase - https://github.com/orgs/open-policy-agent/discussions/417 |
simar7
added a commit
to aquasecurity/defsec
that referenced
this issue
May 9, 2023
Fixes: aquasecurity/trivy#4183 Signed-off-by: Simar <[email protected]>
simar7
added a commit
to aquasecurity/defsec
that referenced
this issue
May 16, 2023
Fixes: aquasecurity/trivy#4183 Signed-off-by: Simar <[email protected]>
simar7
added a commit
to aquasecurity/defsec
that referenced
this issue
May 19, 2023
* feat(rego): Retry if some policies are broken Fixes: aquasecurity/trivy#4183 Signed-off-by: Simar <[email protected]> * update all interfaces and fix tests Signed-off-by: Simar <[email protected]> * beef up tests Signed-off-by: Simar <[email protected]> --------- Signed-off-by: Simar <[email protected]>
|
Will be included in the next defsec dependency update for Trivy |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Today trivy fails out on a scan even if one policy has an issue. An example of this is here: #4124
We should handle this more gracefully, for instance show an error to the user about the failing policy and continue with scanning the rest of the policies.
The text was updated successfully, but these errors were encountered: