Documented default for --security-checks is incorrect #2104
Comments
Hi, @knqyf263. 👋🏽 I was looking to disable secret detection in the GitLab integration with Trivy due to it causing timeouts. When I checked the documentation, it seems that it should be disabled by default. But someone commented in a thread that it's enabled by default. If the documentation is incorrect, I'd be happy to send a quick PR. If the default is incorrect, I'm afraid that's beyond my abilities :-)
Hi @thiago-gitlab, thanks for raising an issue. The documentation is incorrect. It would be appreciated if you fix it. As for timeout, yes, it can be slow if there are many files or large files. It is ok to disable secret scanning if you don't need it, but you can also tune the configuration.
Done! Thanks for the recommendation and quick reply. We'll look into it after the team sees how it plays with the existing secret scanner or else it may cause duplicate vulnerabilities to be reported.
Thanks for the quick fix!
It was just FYI. It is up to you 👍
Description
https://aquasecurity.github.io/trivy/v0.27.1/docs/references/cli/image/ states:
However, #2054 (comment) states:
What did you expect to happen?
One of:
--security-checks to be vuln,secret; OR
--security-checks to actually be vuln.
What happened instead?
A mismatch between the documented default and the actual default.
Output of run with -debug:
Output of trivy -v:
Additional details (base image name, container registry info...):