fix: scan and helm install command update

Author: anket-cd

cmd/sdkr/scan.go

@@ -9,6 +9,8 @@ import (
 	"github.com/spf13/cobra"
 )
 
+var timeout int
+
 // scanCmd provides functionality to scan a Docker image for known security issues.
 // It supports both direct command-line arguments and configuration file values for the image name,
 // and optionally allows saving the scan report to a specified SARIF file.
@@ -34,7 +36,7 @@ var scanCmd = &cobra.Command{
 		}
 
 		pterm.Info.Printf("Scanning Docker image %q...\n", imageRef)
-		err := docker.Trivy(imageRef, useAI)
+		err := docker.Trivy(imageRef, timeout, useAI)
 		if err != nil {
 			return err
 		}
@@ -51,5 +53,6 @@ var scanCmd = &cobra.Command{
 
 func init() {
 	scanCmd.Flags().BoolVar(&useAI, "ai", false, "To enable AI help mode, export the OPENAI_API_KEY environment variable with your OpenAI API key.")
+	scanCmd.Flags().IntVar(&timeout, "timeout", 600, "timeout for docker image scan")
 	sdkrCmd.AddCommand(scanCmd)
 }

internal/docker/scan.go

@@ -12,9 +12,9 @@ import (
 
 // Trivy runs 'trivy image' to scan a Docker image for vulnerabilities
 // and displays the results. It's a simplified version that accepts just the image name and tag.
-func Trivy(dockerImage string, useAI bool) error {
+func Trivy(dockerImage string, timeout int, useAI bool) error {
 	ctx := context.Background()
-	args := []string{"image", dockerImage, "--format", "table"}
+	args := []string{"image", dockerImage, string(timeout), "--format", "table"}
 
 	cmd := exec.CommandContext(ctx, "trivy", args...)
 	var stdoutBuf, stderrBuf bytes.Buffer

internal/helm/install.go

@@ -579,7 +579,7 @@ func isSafeDirectory(dir string) bool {
 		}
 
 		// Check if it's in user's home directory (potentially unsafe)
-if homeDir := os.Getenv("HOME"); homeDir != "" && strings.HasPrefix(dir, homeDir) {
+		if homeDir := os.Getenv("HOME"); homeDir != "" && strings.HasPrefix(dir, homeDir) {
 			return false
 		}