Commit b357f7c

feat(security-toolbox): add flag for scanners (#404)
## πŸ“ Description Sometimes we do not want to scan licenses so this enables us to set what scanners trivy is using ## βœ… Checklist - [x] I have tested this change - [ ] ~This change requires documentation update~
1 parent 80dd63b commit b357f7c

2 files changed: +6 -1 lines changed

security-toolbox/docker

Lines changed: 4 additions & 0 deletions
@@ -24,6 +24,10 @@ OptionParser.new do |parser|
2424
args[:severity] = severity
2525
end
2626

27+
parser.on("-c", "--scanners SCANNERS", "Comma-separated list of scanners to use (vuln,secret,license,misconfig)") do |scanners|
28+
args[:scanners] = scanners
29+
end
30+
2731
parser.on("-p", "--ignore-policy IGNORE_POLICY_PATH", "Ignore policy to use when scanning docker image") do |ignore_policy|
2832
args[:ignore_policy] = ignore_policy
2933
end
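
Review bot: the new `--scanners` block stores the raw string in `args[:scanners]` without checking it against the four names its own help text advertises (vuln,secret,license,misconfig), so a typo or arbitrary text is accepted at parse time and only surfaces later. Consider declaring the option with OptionParser's `Array` coercion and raising `OptionParser::InvalidArgument` for any entry outside that list. The checklist also strikes out the documentation update even though this adds a user-facing flag; a line in the usage docs would help.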

security-toolbox/policies/docker/trivy_image.rb

Lines changed: 2 additions & 1 deletion
@@ -11,6 +11,7 @@ def initialize(args)
1111
@image = args[:image]
1212
@severity = args[:severity] || "HIGH,CRITICAL"
1313
@ignore_policy = args[:ignore_policy] || nil
14+
@scanners = args[:scanners] || "vuln,secret,license,misconfig"
1415

1516
@skip_files = args[:skip_files].to_s.split(",") || []
1617
@skip_dirs = args[:skip_dirs].to_s.split(",") || []
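
Review bot: on the added `@scanners = args[:scanners] || "vuln,secret,license,misconfig"` line, the fallback only applies to nil; an empty string is truthy in Ruby, so an empty `--scanners` value leaves `@scanners` blank and the default is skipped. Treat a blank value as unset, for example by checking `args[:scanners].to_s.strip.empty?` before assigning, and consider keeping the default list in a named constant so it is not repeated in the help text and here.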
@@ -24,7 +25,7 @@ def test
2425
"--severity #{@severity}",
2526
"--exit-on-eol 1",
2627
"--ignore-unfixed",
27-
"--scanners vuln,secret,license,misconfig",
28+
"--scanners #{@scanners}",
2829
"--format json",
2930
"--output out/docker-scan-trivy.json"
3031
]
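
Review bot: `"--scanners #{@scanners}"` interpolates a user-supplied value straight into a command fragment with no quoting or validation. How this array is executed is not visible in the hunk, but if the fragments are joined and run through a shell, a value containing spaces or shell metacharacters would add extra arguments or commands to the trivy invocation. Restrict `@scanners` to the known scanner names before building the argument list, or escape it with `Shellwords.escape`; the neighbouring `"--severity #{@severity}"` line follows the same pattern and would benefit from the same treatment.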

0 commit comments