feat(misconf): Selectively enable misconfiguration scanners #4901

Closed
simar7 opened this issue Aug 1, 2023 · 1 comment · Fixed by #5670

simar7 commented Aug 1, 2023

Today we don't have a good way to specify only certain misconfiguration scanners to be run and certain to be disabled. For instance with a file directory input like so:

$ ls
Dockerfile
chart.yaml
main.tf

trivy config will scan all of the files. We can limit to an extent by providing file extensions, paths and/or globbing to exclude/include certain types but the approach seems rather convoluted.

Therefore, having a flag to enable selective scanners only (similar to -vuln-type) in config scan will help. I propose that we can pick --config-type as the flag name and provide values such as: dockerfile, helm, terraform.

The use case will look like the following:
trivy config --config-type=dockerfile,helm

Will only scan dockerfile and helm.

@simar7 simar7 added kind/feature Categorizes issue or PR as related to a new feature. scan/misconfiguration Issues relating to misconfiguration scanning labels Aug 1, 2023
@nikpivkin nikpivkin self-assigned this Aug 14, 2023
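
An added example (not from the issue or the Trivy code base) of the include/exclude workaround described above: it turns a `--config-type`-style list into `--skip-files` arguments for every file of a non-selected type. The file-name-to-type mapping and the function names `classify_file` and `skip_args` are assumptions made for illustration; `--config-type` itself is only the flag proposed in the issue.

```shell
#!/bin/sh
# Added example, not Trivy code. The name-to-type mapping is a simplified
# assumption covering only the three types named in the issue.

# classify_file PATH -> dockerfile | helm | terraform | unknown
classify_file() {
  case "$(basename "$1")" in
    Dockerfile|Dockerfile.*|*.dockerfile) echo dockerfile ;;
    Chart.yaml|chart.yaml)                echo helm ;;
    *.tf|*.tf.json)                       echo terraform ;;
    *)                                    echo unknown ;;
  esac
}

# skip_args DIR TYPES
# Prints "--skip-files <path>" for every recognised file under DIR whose
# type is NOT in the comma-separated TYPES list. Paths are relative to DIR.
# The body runs in a subshell, so its variables do not leak to the caller.
skip_args() (
  dir=$1
  types=$2
  [ -n "$types" ] || { echo "no config type given" >&2; exit 2; }
  # Reject unknown type names: a typo would otherwise match nothing and
  # turn every recognised file into a skip, silently scanning nothing.
  for t in $(echo "$types" | tr ',' ' '); do
    case "$t" in
      dockerfile|helm|terraform) ;;
      *) echo "unknown config type: $t" >&2; exit 2 ;;
    esac
  done
  find "$dir" -type f | LC_ALL=C sort | while IFS= read -r f; do
    kind=$(classify_file "$f")
    [ "$kind" = unknown ] && continue
    rel=${f#"$dir"/}
    case ",$types," in
      *",$kind,"*) ;;  # selected type: leave the file in the scan
      *) printf '%s %s\n' --skip-files "$rel" ;;
    esac
  done
)
```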

mogopz commented Nov 3, 2023

This would be great to have. We're blocked from migrating away from tfsec until this is possible.
