Skip to content

Commit

Permalink
fix: Specify types of dependencies to analyze
Browse files Browse the repository at this point in the history
It's only necessary to specifiy these types when running the scanners directly, as we do.
When running Trivy via the command line it's not necessary.

See aquasecurity/trivy#7237
  • Loading branch information
afsmeira committed Aug 29, 2024
1 parent 0e10696 commit 7bdc937
Showing 1 changed file with 6 additions and 2 deletions.
8 changes: 6 additions & 2 deletions internal/tool/tool.go
Original file line number Diff line number Diff line change
Expand Up @@ -11,8 +11,10 @@ import (
"strings"

"github.com/aquasecurity/trivy/pkg/fanal/secret"
ftypes "github.com/aquasecurity/trivy/pkg/fanal/types"
"github.com/aquasecurity/trivy/pkg/flag"
"github.com/aquasecurity/trivy/pkg/log"
ptypes "github.com/aquasecurity/trivy/pkg/types"
types "github.com/aquasecurity/trivy/pkg/types"
codacy "github.com/codacy/codacy-engine-golang-seed/v6"
"github.com/samber/lo"
Expand Down Expand Up @@ -97,7 +99,9 @@ func (t codacyTrivy) runVulnerabilityScanning(ctx context.Context, toolExecution
},
PackageOptions: flag.PackageOptions{
// Only scan libraries not OS packages.
PkgTypes: []string{types.PkgTypeLibrary},
PkgTypes: []string{ptypes.PkgTypeLibrary},
// Scan packages with all possible relationships (direct, indirect, etc).
PkgRelationships: ftypes.Relationships,
},
ReportOptions: flag.ReportOptions{
// Listing all packages will allow to obtain the line number of a vulnerability.
Expand All @@ -106,7 +110,7 @@ func (t codacyTrivy) runVulnerabilityScanning(ctx context.Context, toolExecution
ScanOptions: flag.ScanOptions{
// Do not try to connect to the internet to download vulnerability DBs, for example.
OfflineScan: true,
Scanners: types.Scanners{types.VulnerabilityScanner},
Scanners: ptypes.Scanners{ptypes.VulnerabilityScanner},
// Instead of scanning files individually, scan the whole source directory since it's faster.
// Then filter issues from files that were not supposed to be analysed.
Target: toolExecution.SourceDir,
Expand Down

0 comments on commit 7bdc937

Please sign in to comment.