Closed
Description
Currently I want to bump the trivy action to the new version but I recognized that the trivy config is not loaded anymore.
This is my trivy config:
```yaml
format: json
exit-code: 1
timeout: 10m
severity:
  - CRITICAL
  - HIGH
vulnerability:
  ignore-unfixed: true
ignorefile: .trivyignore
```
This is my workflow config:
```yaml
- name: Run Trivy vulnerability scanner
  uses: aquasecurity/trivy-action@0.11.0
  env:
    TRIVY_USERNAME: ${{ secrets.DOCKER_USERNAME }}
    TRIVY_PASSWORD: ${{ secrets.DOCKER_PASSWORD }}
  with:
    image-ref: registry/image_name
    trivy-config: trivy.yaml
```
These are the logs:
/usr/bin/docker run --name ed866efed28e34d34f41008823de6006fa81e5_745fcf --label ed866e --workdir /github/workspace --rm -e "JAVA_HOME" -e "JAVA_HOME_17_X64" -e "LD_PRELOAD" -e "INPUT_INPUT" -e "INPUT_TRIVY-CONFIG" -e "INPUT_SCAN-TYPE" -e "INPUT_IMAGE-REF" -e "INPUT_SCAN-REF" -e "INPUT_EXIT-CODE" -e "INPUT_IGNORE-UNFIXED" -e "INPUT_VULN-TYPE" -e "INPUT_SEVERITY" -e "INPUT_FORMAT" -e "INPUT_TEMPLATE" -e "INPUT_OUTPUT" -e "INPUT_SKIP-DIRS" -e "INPUT_SKIP-FILES" -e "INPUT_CACHE-DIR" -e "INPUT_TIMEOUT" -e "INPUT_IGNORE-POLICY" -e "INPUT_HIDE-PROGRESS" -e "INPUT_LIST-ALL-PKGS" -e "INPUT_SCANNERS" -e "INPUT_TRIVYIGNORES" -e "INPUT_ARTIFACT-TYPE" -e "INPUT_GITHUB-PAT" -e "INPUT_LIMIT-SEVERITIES-FOR-SARIF" -e "HOME" -e "GITHUB_JOB" -e "GITHUB_REF" -e "GITHUB_SHA" -e "GITHUB_REPOSITORY" -e "GITHUB_REPOSITORY_OWNER" -e "GITHUB_REPOSITORY_OWNER_ID" -e "GITHUB_RUN_ID" -e "GITHUB_RUN_NUMBER" -e "GITHUB_RETENTION_DAYS" -e "GITHUB_RUN_ATTEMPT" -e "GITHUB_REPOSITORY_ID" -e "GITHUB_ACTOR_ID" -e "GITHUB_ACTOR" -e "GITHUB_TRIGGERING_ACTOR" -e "GITHUB_WORKFLOW" -e "GITHUB_HEAD_REF" -e "GITHUB_BASE_REF" -e "GITHUB_EVENT_NAME" -e "GITHUB_SERVER_URL" -e "GITHUB_API_URL" -e "GITHUB_GRAPHQL_URL" -e "GITHUB_REF_NAME" -e "GITHUB_REF_PROTECTED" -e "GITHUB_REF_TYPE" -e "GITHUB_WORKFLOW_REF" -e "GITHUB_WORKFLOW_SHA" -e "GITHUB_WORKSPACE" -e "GITHUB_ACTION" -e "GITHUB_EVENT_PATH" -e "GITHUB_ACTION_REPOSITORY" -e "GITHUB_ACTION_REF" -e "GITHUB_PATH" -e "GITHUB_ENV" -e "GITHUB_STEP_SUMMARY" -e "GITHUB_STATE" -e "GITHUB_OUTPUT" -e "RUNNER_OS" -e "RUNNER_ARCH" -e "RUNNER_NAME" -e "RUNNER_TOOL_CACHE" -e "RUNNER_TEMP" -e "RUNNER_WORKSPACE" -e "ACTIONS_RUNTIME_URL" -e "ACTIONS_RUNTIME_TOKEN" -e "ACTIONS_CACHE_URL" -e GITHUB_ACTIONS=true -e CI=true -v "/var/run/docker.sock":"/var/run/docker.sock" -v "/home/runner/work/_temp/_github_home":"/github/home" -v "/home/runner/work/_temp/_github_workflow":"/github/workflow" -v "/home/runner/work/_temp/_runner_file_commands":"/github/file_commands" -v 
"/home/runner/work/backend/backend":"/github/workspace" ed866e:fed28e34d34f41008823de6006fa81e5 "-a image" "-b table" "-c " "-d " "-e false" "-f os,library" "-g UNKNOWN,LOW,MEDIUM,HIGH,CRITICAL" "-h " "-i " "-j ." "-k " "-l image.tar" "-m " "-n " "-o " "-p " "-q " "-r false" "-s " "-t " "-u " "-v trivy.yaml" "-z "
Running Trivy with trivy.yaml config from: trivy.yaml
2023-06-06T08:33:16.705Z INFO Loaded trivy.yaml
2023-06-06T08:33:16.715Z INFO Need to update DB
2023-06-06T08:33:16.715Z INFO DB Repository: ghcr.io/aquasecurity/trivy-db
2023-06-06T08:33:16.715Z INFO Downloading DB...
2023-06-06T08:33:19.270Z INFO Vulnerability scanning is enabled
2023-06-06T08:33:19.270Z INFO Secret scanning is enabled
2023-06-06T08:33:19.270Z INFO If your scanning is slow, please try '--scanners vuln' to disable secret scanning
2023-06-06T08:33:19.270Z INFO Please see also https://aquasecurity.github.io/trivy/v0.42/docs/secret/scanning/#recommendation for faster secret detection
2023-06-06T08:33:30.317Z INFO JAR files found
2023-06-06T08:33:30.320Z INFO Java DB Repository: ghcr.io/aquasecurity/trivy-java-db:1
2023-06-06T08:33:30.320Z INFO Downloading the Java DB...
2023-06-06T08:33:45.238Z INFO The Java DB is cached for 3 days. If you want to update the database more frequently, the '--reset' flag clears the DB cache.
2023-06-06T08:33:45.246Z INFO Analyzing JAR files takes a while...
2023-06-06T08:33:46.442Z INFO Detected OS: debian
2023-06-06T08:33:46.442Z INFO Detecting Debian vulnerabilities...
2023-06-06T08:33:46.500Z INFO Number of language-specific files: 1
2023-06-06T08:33:46.500Z INFO Detecting jar vulnerabilities...
2023-06-06T08:33:46.601Z INFO Table result includes only package filenames. Use '--format json' option to get the full path to the package file.
image.tar (debian 11.7)
=======================
Total: 0 (UNKNOWN: 0, LOW: 0, MEDIUM: 0, HIGH: 0, CRITICAL: 0)
Java (jar)
==========
Total: 21 (UNKNOWN: 0, LOW: 0, MEDIUM: 21, HIGH: 0, CRITICAL: 0)
┌────────────────────────────────────────────────────────────┬─────────────────────┬──────────┬───────────────────┬────────────────────────────────────┬──────────────────────────────────────────────────────────────┐
│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │
├────────────────────────────────────────────────────────────┼─────────────────────┼──────────┼───────────────────┼────────────────────────────────────┼──────────────────────────────────────────────────────────────┤
...
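An added example, not part of the original issue or of the trivy-action project: a CI-side check that compares the policy in `trivy.yaml` with what the job log shows was passed to the container and what the report contains. The `CONFIG` dict and `LOG` text are constructed from the values quoted above, and the letter-to-option mapping in `ARG_TO_KEY` is an assumption inferred from those values.

```python
import re

# Constructed sample: the policy keys from the issue's trivy.yaml.
CONFIG = {"format": "json", "severity": ["CRITICAL", "HIGH"]}

# Constructed sample: lines abridged from the job log in the issue.
LOG = """\
ed866e:fed28e "-a image" "-b table" "-g UNKNOWN,LOW,MEDIUM,HIGH,CRITICAL" "-v trivy.yaml"
2023-06-06T08:33:16.705Z INFO Loaded trivy.yaml
Total: 0 (UNKNOWN: 0, LOW: 0, MEDIUM: 0, HIGH: 0, CRITICAL: 0)
Total: 21 (UNKNOWN: 0, LOW: 0, MEDIUM: 21, HIGH: 0, CRITICAL: 0)
"""

# Assumption: letter-to-option mapping, inferred only from the values
# visible in the log ("table", the severity list).
ARG_TO_KEY = {"b": "format", "g": "severity"}

def wrapper_args(log):
    """Return {letter: value} for the quoted "-x value" container arguments."""
    return dict(re.findall(r'"-([a-z]) ([^"]*)"', log))

def severity_totals(log):
    """Sum the per-severity counts over every 'Total:' summary line."""
    totals = {}
    for line in log.splitlines():
        if line.startswith("Total:"):
            for name, count in re.findall(r"([A-Z]+): (\d+)", line):
                totals[name] = totals.get(name, 0) + int(count)
    return totals

def as_set(value):
    items = value if isinstance(value, list) else str(value).split(",")
    return {str(item).strip() for item in items}

def config_drift(config, log):
    """List where the run recorded in `log` departs from `config`."""
    findings = []
    args = wrapper_args(log)
    for letter, key in ARG_TO_KEY.items():
        if key in config and args.get(letter):
            want, got = as_set(config[key]), as_set(args[letter])
            if want != got:
                findings.append(f"{key}: config={','.join(sorted(want))} "
                                f"cli={','.join(sorted(got))}")
    allowed = as_set(config.get("severity", []))
    for name, count in sorted(severity_totals(log).items()):
        if count and allowed and name not in allowed:
            findings.append(f"report: {count} {name} findings outside policy")
    return findings
```

Failing the job when `config_drift` returns a non-empty list catches an action upgrade that changes how the scan policy is applied before the gate is relied on.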