Rename trivy config to trivy iac for clarity #5585
Comments
@simar7 @itaysk @DmitriyLewen @nikpivkin If we all agree on that, I'll add it to the v0.48.0 milestone and update it quickly.

You raise an interesting point. My motivation to suggest the change was to disambiguate from configuring trivy, and to connect with a common term that most users are familiar with. You bring another argument, that makes sense now but I'm not sure that scanning application configuration is out of scope for Trivy. It might be that we'll add for example nginx or postgresql or wordpress configuration scanning sometime. But in my opinion even if we do that it's still ok to call it IaC scanning. So bottom line is I support this change, but wanted to just make this clarification.

Given the plan, I'm not sure if we want to call it IaC. People don't think they can scan Nginx with I have some more ideas, but none of them look good. Please let me sort them out, and I'd like to hear your thoughts.

I'm not sure about this. We have the --config-policy flag. The user might think that this is the path to the configuration file (that was my first thought when I read this name).
I think it makes sense if we don't add middleware or application support.
We already have 2 options for scanning misconfigurations:
I was already wondering why we have two different ways to scan for misconfigurations.

I kinda like the simplicity of
Given this I also agree

As I described here, we separately define target and scanner now, and the subcommand currently corresponds to targets (there are some exceptions like Similarly,
Therefore,

How about expanding config to something like this. I'm personally not a fan of wildcards and generic terms like "iac".

Trivy currently has
Description
This issue proposes renaming trivy config to trivy iac. Initially, when trivy config was added, we anticipated scanning Wordpress configuration files and detecting configuration errors in Nginx and Ruby on Rails. This led to the belief that the term 'IaC scanning' might become confusing in the near future. However, the current situation has evolved differently: scanning for Wordpress has been exclusively added to the commercial version, and there are no immediate plans to extend support beyond Infrastructure as Code (IaC).

Given this development, the name trivy iac more accurately reflects the tool's current functionality and focus. To ensure backward compatibility and minimize disruption for existing users, the trivy config command will remain functional. It will not be prominently featured in the documentation to encourage the transition to the new trivy iac terminology but will still be available for use.

Reference
#5558