hi @majchrzw are you able to share your project layout? It'll help us understand better, but to answer your questions:
Not quite, it means it found 2 relevant config files. The others might not be relevant or valid for the kind of scan you are running.
This output simply shows how many config files were scanned. It doesn't convey anything about success or failure.
Thanks for answering @simar7, my project layout looks like this:

```
terraform-modules
├── README.md
├── junit.tpl
└── modules
    ├── network
    │   ├── context.tf
    │   ├── dns_namespace.tf
    │   ├── gateway_endpoinst.tf
    │   ├── igw.tf
    │   ├── mappings.tf
    │   ├── nat.tf
    │   ├── outputs.tf
    │   ├── route_tables.tf
    │   ├── subnets.tf
    │   ├── variables.tf
    │   ├── versions.tf
    │   └── vpc.tf
    ├── cloudwatch
    │   ├── cloudwatch.tf
    │   ├── context.tf
    │   ├── mappings.tf
    │   ├── outputs.tf
    │   ├── variables.tf
    │   └── versions.tf
    ├── default-security-group
    │   ├── context.tf
    │   ├── default_security_group.tf
    │   ├── mappings.tf
    │   ├── outputs.tf
    │   ├── variables.tf
    │   └── versions.tf
    ├── discovery-private-dns-namespace
    │   ├── context.tf
    │   ├── mappings.tf
    │   ├── namespace.tf
    │   ├── outputs.tf
    │   └── variables.tf
    ├── elastic-ip-address
    │   ├── context.tf
    │   ├── eip.tf
    │   ├── mappings.tf
    │   ├── outputs.tf
    │   ├── variables.tf
    │   └── versions.tf
    ├── flow-log
    │   ├── context.tf
    │   ├── flow_log.tf
    │   ├── flow_log_assume_policy.tf
    │   ├── flow_log_cloudwatch.tf
    │   ├── flow_log_role.tf
    │   ├── mappings.tf
    │   ├── outputs.tf
    │   ├── variables.tf
    │   └── versions.tf
    ├── iam-role
    │   ├── context.tf
    │   ├── mappings.tf
    │   ├── outputs.tf
    │   ├── role.tf
    │   ├── role_default_assume_role_policy.tf
    │   ├── variables.tf
    │   └── versions.tf
    ├── internet-gateway
    │   ├── context.tf
    │   ├── igw.tf
    │   ├── mappings.tf
    │   ├── outputs.tf
    │   ├── variables.tf
    │   └── versions.tf
    ├── key-management-service
    │   ├── context.tf
    │   ├── kms.tf
    │   ├── mappings.tf
    │   ├── outputs.tf
    │   ├── variables.tf
    │   └── versions.tf
    ├── network-address-translation
    │   ├── context.tf
    │   ├── eip.tf
    │   ├── mappings.tf
    │   ├── nat.tf
    │   ├── outputs.tf
    │   ├── variables.tf
    │   └── versions.tf
    ├── route-table
    │   ├── context.tf
    │   ├── mappings.tf
    │   ├── outputs.tf
    │   ├── route_table.tf
    │   ├── variables.tf
    │   └── versions.tf
    ├── subnet
    │   ├── context.tf
    │   ├── mappings.tf
    │   ├── outputs.tf
    │   ├── subnet.tf
    │   ├── variables.tf
    │   └── versions.tf
    ├── virtual-private-cloud
    │   ├── context.tf
    │   ├── default_security_group.tf
    │   ├── flow_log.tf
    │   ├── mappings.tf
    │   ├── outputs.tf
    │   ├── variables.tf
    │   ├── versions.tf
    │   └── vpc.tf
    └── vpc-gateway-endpoint
        ├── context.tf
        ├── mappings.tf
        ├── outputs.tf
        ├── variables.tf
        ├── versions.tf
        └── vpc_gateway_endpoint.tf
```

And I'm running trivy from
Question
Hi, I'm trying to use trivy to perform checks on my terraform configuration in CI pipelines, but I'm encountering a few things that I don't understand. The main issue for me is that when using the command
`trivy config .`
which should scan all files from this directory, I encounter an error:

I am aware of what this error means (same as in other issues here), but I don't understand trivy's behavior after this error. I have, let's say, 10 directories I want to scan, but I can see trivy scanning only the first two when it encounters this error, based on this log:

When I delete the terraform configs that cause the error, trivy scans only 3 modules and stops working, which is also strange to me, because there are many more config files in this directory.
So I assume that trivy failed after this error and stopped working, yet returned status 0. This leads my pipeline to think that the job was successful, but in my opinion it failed. Therefore I want to ask whether this is expected, and how I should handle such errors in my pipeline. Also, how can I ensure that all directories are scanned? The issue is present in my CI pipeline, but also occurs when running locally.
Target
Container Image
Scanner
Misconfiguration
Output Format
None
Mode
Standalone
Operating System
macOS Sonoma
Version
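Added example, not code from this thread or from the Trivy project: a small POSIX shell wrapper that runs Trivy once per directory under `modules/`, so the job's own count of scanned and failed modules decides the pipeline result rather than the exit status of a single `trivy config .` over the whole tree. `TRIVY_BIN` and the optional expected-count argument are my assumptions; `--exit-code 1` is Trivy's own flag (non-zero exit when issues are found).

```shell
#!/bin/sh
# Added example (not from the thread): scan each module directory separately so
# the pipeline can see exactly which modules were scanned and which failed.
# TRIVY_BIN is an assumption for this example; it defaults to the `trivy` on PATH.
TRIVY_BIN="${TRIVY_BIN:-trivy}"

# scan_modules <modules-root> [expected-count]
# Scans every immediate subdirectory of <modules-root> on its own, prints one
# status line per module, and returns 0 only if at least one module was scanned,
# every scan passed, and (when given) the scanned count equals expected-count.
scan_modules() {
  root="$1"
  expected="${2:-}"
  scanned=0
  failed=0
  for dir in "$root"/*/; do
    [ -d "$dir" ] || continue          # no subdirectories: the glob stays literal
    name=$(basename "$dir")
    scanned=$((scanned + 1))
    # Per-directory runs: one module's parse error or findings cannot hide the rest.
    if "$TRIVY_BIN" config --exit-code 1 "$dir"; then
      echo "ok     $name"
    else
      echo "FAILED $name"
      failed=$((failed + 1))
    fi
  done
  echo "scanned=$scanned failed=$failed"
  if [ -n "$expected" ] && [ "$scanned" -ne "$expected" ]; then
    echo "expected $expected modules but scanned $scanned"
    return 1
  fi
  # Zero modules scanned means a broken job, not a clean result.
  [ "$scanned" -gt 0 ] && [ "$failed" -eq 0 ]
}

# Usage in CI for the layout posted above (14 directories under ./modules):
#   scan_modules ./modules 14
```

The expected count turns "did every directory get scanned?" into an explicit check, which is the guarantee the question asks for.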