feat(aws): Add support to see successes in results #4427

Merged (1 commit) on Jun 13, 2023

Member

@simar7 simar7 commented May 17, 2023

Signed-off-by: Simar simar@linux.com

Description

Add the ability to show successes when evaluating AWS results

Related issues

Checklist

  • I've read the guidelines for contributing to this repository.
  • I've followed the conventions in the PR title.
  • I've added tests that prove my fix is effective or that my feature works.
  • I've updated the documentation with the relevant information (if needed).
  • I've added usage information (if the PR introduces new options)
  • I've included a "before" and "after" example to the description (if the PR is a user interface change).

@simar7 simar7 added scan/misconfiguration Issues relating to misconfiguration scanning target/cloud Issues relating to cloud account scanning labels May 17, 2023
@simar7 simar7 self-assigned this May 17, 2023
@simar7
Member Author

simar7 commented May 30, 2023

Should we make this the new default for JSON output? Or should we introduce a new command line flag? --show-successes?

Based on the last call I had with Itay, I think we concluded that today Trivy shows failures for "things that are genuinely wrong/bad" and not because "they don't exist". Based on this, if we show things that PASS, they will only show up if they didn't FAIL.

Or in other words, you won't see passing results for things that were not evaluated because of any reason (not applicable, not found, etc.)

Based on the above, I lean towards a new flag.

Thoughts? @knqyf263 and @itaysk

@knqyf263
Collaborator

Is it something different from --include-non-failures?

$ trivy config -h | grep success
      --include-non-failures      include successes and exceptions, available with '--scanners config'

@simar7
Member Author

simar7 commented May 31, 2023

> Is it something different from --include-non-failures?
>
> $ trivy config -h | grep success
>       --include-non-failures      include successes and exceptions, available with '--scanners config'

Oh interesting, I didn't know about that flag. Will try it out.

Fixes: #4417

Signed-off-by: Simar <simar@linux.com>
@simar7 simar7 marked this pull request as ready for review June 2, 2023 23:05
@simar7 simar7 requested a review from knqyf263 as a code owner June 2, 2023 23:05
Comment on lines +145 to +148
res := results.GetFailed()
if opt.MisconfOptions.IncludeNonFailures {
res = results
}
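Review bot: The `--include-non-failures` help text quoted earlier in this thread still reads "available with '--scanners config'", but the `opt.MisconfOptions.IncludeNonFailures` check added here makes the flag take effect for cloud scanning as well, so the flag description should be updated in the same change. The comment below says the extra results appear only in the JSON output; that limitation deserves a line in the docs and a test asserting that non-failed results are kept when the flag is set and dropped when it is not. Minor: `results.GetFailed()` is computed and then discarded when the flag is set; an if/else would make the two cases explicit.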
Member Author

Looks like the flag wasn't used in Cloud scanning, I've added it here. The results will still only be shown in the JSON output.

@knqyf263
Collaborator

knqyf263 commented Jun 4, 2023

@simar7 Is this ready for review now?

@simar7
Member Author

simar7 commented Jun 5, 2023

> @simar7 Is this ready for review now?

Yes, I've marked it ready for review (out of draft). Let me know how it goes and if I can answer any questions.

@knqyf263
Collaborator

knqyf263 commented Jun 6, 2023

LGTM, but we're in the bug fix sprint now for v0.42.1. I'll merge this PR afterward.

@simar7 simar7 enabled auto-merge June 13, 2023 17:20
@simar7 simar7 added this pull request to the merge queue Jun 13, 2023
Merged via the queue into main with commit aecd2f0 Jun 13, 2023
9 checks passed
@simar7 simar7 deleted the aws-include-non-failures branch June 13, 2023 17:58
AnaisUrlichs pushed a commit to AnaisUrlichs/trivy that referenced this pull request Aug 10, 2023
Successfully merging this pull request may close these issues.

feat: Include Non Failures in AWS scan report