diff --git a/pkg/plugins/trivy/image.go b/pkg/plugins/trivy/image.go
index 1fa332fee..5e4366ed0 100644
--- a/pkg/plugins/trivy/image.go
+++ b/pkg/plugins/trivy/image.go
@@ -561,84 +561,87 @@ func getCommandAndArgs(ctx trivyoperator.PluginContext, mode Mode, imageRef stri command := []string{ "trivy", } - trivyConfig := ctx.GetTrivyOperatorConfig() - compressLogs := trivyConfig.CompressLogs() - c, err := getConfig(ctx) + trivyOperatorConfig := ctx.GetTrivyOperatorConfig() + trivyConfig, err := getConfig(ctx) + if err != nil { return []string{}, []string{} } - slow := Slow(c) - sbomSources := c.GetSbomSources() - skipJavaDBUpdate := SkipJavaDBUpdate(c) - cacheDir := c.GetImageScanCacheDir() - vulnTypeArgs := vulnTypeFilter(ctx) - scanners := Scanners(c) - var vulnTypeFlag string - if len(vulnTypeArgs) == 2 { - vulnTypeFlag = fmt.Sprintf("%s %s ", vulnTypeArgs[0], vulnTypeArgs[1]) + // Arguments first. + args := []string{ + "image", + imageRef, + } + + // Options in alphabetic order. + cacheDir := trivyConfig.GetImageScanCacheDir() + args = append(args, "--cache-dir", cacheDir) + + args = append(args, "--format", "json") + + imcs := imageConfigSecretScanner(trivyOperatorConfig) + if len(imcs) > 0 { + args = append(args, imcs...) + } + + args = append(args, "--quiet") + + sbomSources := trivyConfig.GetSbomSources() + if len(sbomSources) > 0 { + args = append(args, []string{"--sbom-sources", sbomSources}...) } - imcs := imageConfigSecretScanner(trivyConfig) - var imageconfigSecretScannerFlag string - if len(imcs) == 2 { - imageconfigSecretScannerFlag = fmt.Sprintf("%s %s ", imcs[0], imcs[1]) + + scanners := Scanners(trivyConfig) + args = append(args, scanners, getSecurityChecks(ctx)) + + if len(trivyServerURL) > 0 { + args = append(args, []string{"--server", trivyServerURL}...) 
} + var skipUpdate string - if c.GetClientServerSkipUpdate() && mode == ClientServer { - skipUpdate = SkipDBUpdate(c) + if trivyConfig.GetClientServerSkipUpdate() && mode == ClientServer { + skipUpdate = SkipDBUpdate(trivyConfig) } else if mode != ClientServer { - skipUpdate = SkipDBUpdate(c) + skipUpdate = SkipDBUpdate(trivyConfig) + } + if len(skipUpdate) > 0 { + args = append(args, skipUpdate) } - if !compressLogs { - args := []string{ - "--cache-dir", - cacheDir, - "--quiet", - "image", - scanners, - getSecurityChecks(ctx), - "--format", - "json", - } - if len(trivyServerURL) > 0 { - args = append(args, []string{"--server", trivyServerURL}...) - } - args = append(args, imageRef) - if len(slow) > 0 { - args = append(args, slow) - } - if len(vulnTypeArgs) > 0 { - args = append(args, vulnTypeArgs...) - } - if len(imcs) > 0 { - args = append(args, imcs...) - } - pkgList := getPkgList(ctx) - if len(pkgList) > 0 { - args = append(args, pkgList) - } - if len(sbomSources) > 0 { - args = append(args, []string{"--sbom-sources", sbomSources}...) - } - if len(skipUpdate) > 0 { - args = append(args, skipUpdate) - } - if len(skipJavaDBUpdate) > 0 { - args = append(args, skipJavaDBUpdate) - } + skipJavaDBUpdate := SkipJavaDBUpdate(trivyConfig) + if len(skipJavaDBUpdate) > 0 { + args = append(args, skipJavaDBUpdate) + } - return command, args + slow := Slow(trivyConfig) + if len(slow) > 0 { + args = append(args, slow) } - var serverUrlParms string - if mode == ClientServer { - serverUrlParms = fmt.Sprintf("--server '%s' ", trivyServerURL) + + vulnTypeArgs := vulnTypeFilter(ctx) + if len(vulnTypeArgs) > 0 { + args = append(args, vulnTypeArgs...) } - var sbomSourcesFlag string - if len(sbomSources) > 0 { - sbomSourcesFlag = fmt.Sprintf(" --sbom-sources %s ", sbomSources) + + pkgList := getPkgList(ctx) + if len(pkgList) > 0 { + args = append(args, pkgList) + } + + // Return early when compressing logs is disabled. 
+ compressLogs := trivyOperatorConfig.CompressLogs() + if !compressLogs { + return command, args } - return []string{"/bin/sh"}, []string{"-c", fmt.Sprintf(`trivy image %s '%s' %s %s %s %s %s %s%s --cache-dir %s --quiet %s --format json %s> /tmp/scan/%s && bzip2 -c /tmp/scan/%s | base64`, slow, imageRef, scanners, getSecurityChecks(ctx), imageconfigSecretScannerFlag, vulnTypeFlag, skipUpdate, skipJavaDBUpdate, sbomSourcesFlag, cacheDir, getPkgList(ctx), serverUrlParms, resultFileName, resultFileName)} + + // Add command to args as it is now need to pipe output to compress. + args = append(command, args...) + // Add compress arguments. + // Sync is required to flush buffer to stdout before exiting. + args = append(args, fmt.Sprintf(`> /tmp/scan/%s && bzip2 -c /tmp/scan/%s | base64 && sync`, resultFileName, resultFileName)) + + return []string{"/bin/sh"}, append([]string{"-c"}, strings.Join(args, " ")) } func GetSbomScanCommandAndArgs(ctx trivyoperator.PluginContext, mode Mode, sbomFile string, trivyServerURL string, resultFileName string) ([]string, []string) { diff --git a/pkg/plugins/trivy/plugin_test.go b/pkg/plugins/trivy/plugin_test.go index 8258fbeaf..a2ecd4488 100644 --- a/pkg/plugins/trivy/plugin_test.go +++ b/pkg/plugins/trivy/plugin_test.go @@ -345,7 +345,7 @@ func TestPlugin_GetScanJobSpec(t *testing.T) { }, Args: []string{ "-c", - "trivy image --slow 'nginx:1.16' --security-checks vuln,secret --image-config-scanners secret --skip-update --cache-dir /tmp/trivy/.cache --quiet --format json > /tmp/scan/result_nginx.json && bzip2 -c /tmp/scan/result_nginx.json | base64", + "trivy image nginx:1.16 --cache-dir /tmp/trivy/.cache --format json --image-config-scanners secret --quiet --security-checks vuln,secret --skip-update --slow > /tmp/scan/result_nginx.json && bzip2 -c /tmp/scan/result_nginx.json | base64 && sync", }, Resources: corev1.ResourceRequirements{ Requests: corev1.ResourceList{ 
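Review bot: The compressed-logs branch of getCommandAndArgs now builds the `sh -c` script with `strings.Join(args, " ")`, so `imageRef`, `trivyServerURL`, `cacheDir` and `sbomSources` reach the shell unquoted, where the removed `fmt.Sprintf` at least wrapped the image reference and server URL in single quotes. Unless those values are validated before this function (not visible here; its body starts above the hunk), a space or shell metacharacter in one of them is interpreted by `/bin/sh` inside the scan job instead of being handed to trivy as data. Quoting each word before the join, as sketched below, keeps the argv the same as the non-compressed return and also handles an embedded single quote, which the old `'%s'` form did not. The expected strings in plugin_test.go and the envtest fixtures would change accordingly, and a test case whose image reference contains a space or a quote would pin the behaviour.

```go
// shellQuote wraps s in single quotes so /bin/sh reads it as one literal word;
// an embedded single quote is closed, escaped and reopened.
func shellQuote(s string) string {
	return "'" + strings.ReplaceAll(s, "'", `'\''`) + "'"
}

// … unchanged: args assembled, early return when compressLogs is false …

	// Quote every word that goes through the shell; only the redirect and
	// pipe operators stay raw.
	words := make([]string, 0, len(args)+len(command))
	for _, w := range append(command, args...) {
		if w == "" {
			continue // the unquoted join let the shell drop empty words; keep that
		}
		words = append(words, shellQuote(w))
	}
	out := shellQuote("/tmp/scan/" + resultFileName)
	// Sync is required to flush buffer to stdout before exiting.
	script := strings.Join(words, " ") + " > " + out + " && bzip2 -c " + out + " | base64 && sync"

	return []string{"/bin/sh"}, []string{"-c", script}
```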
@@ -633,7 +633,7 @@ func TestPlugin_GetScanJobSpec(t *testing.T) { }, Args: []string{ "-c", - "trivy image --slow 'poc.myregistry.harbor.com.pl/nginx:1.16' --security-checks secret --image-config-scanners secret --skip-update --cache-dir /tmp/trivy/.cache --quiet --format json > /tmp/scan/result_nginx.json && bzip2 -c /tmp/scan/result_nginx.json | base64", + "trivy image poc.myregistry.harbor.com.pl/nginx:1.16 --cache-dir /tmp/trivy/.cache --format json --image-config-scanners secret --quiet --security-checks secret --skip-update --slow > /tmp/scan/result_nginx.json && bzip2 -c /tmp/scan/result_nginx.json | base64 && sync", }, Resources: corev1.ResourceRequirements{ Requests: corev1.ResourceList{ @@ -921,7 +921,7 @@ func TestPlugin_GetScanJobSpec(t *testing.T) { }, Args: []string{ "-c", - "trivy image --slow 'poc.myregistry.harbor.com.pl/nginx:1.16' --security-checks vuln --skip-update --cache-dir /tmp/trivy/.cache --quiet --format json > /tmp/scan/result_nginx.json && bzip2 -c /tmp/scan/result_nginx.json | base64", + "trivy image poc.myregistry.harbor.com.pl/nginx:1.16 --cache-dir /tmp/trivy/.cache --format json --quiet --security-checks vuln --skip-update --slow > /tmp/scan/result_nginx.json && bzip2 -c /tmp/scan/result_nginx.json | base64 && sync", }, Resources: corev1.ResourceRequirements{ Requests: corev1.ResourceList{ @@ -1229,7 +1229,7 @@ CVE-2019-1543`, }, Args: []string{ "-c", - "trivy image --slow 'nginx:1.16' --security-checks vuln,secret --image-config-scanners secret --skip-update --cache-dir /tmp/trivy/.cache --quiet --format json > /tmp/scan/result_nginx.json && bzip2 -c /tmp/scan/result_nginx.json | base64", + "trivy image nginx:1.16 --cache-dir /tmp/trivy/.cache --format json --image-config-scanners secret --quiet --security-checks vuln,secret --skip-update --slow > /tmp/scan/result_nginx.json && bzip2 -c /tmp/scan/result_nginx.json | base64 && sync", }, Resources: corev1.ResourceRequirements{ Requests: corev1.ResourceList{ 
@@ -1542,7 +1542,7 @@ default ignore = false`, }, Args: []string{ "-c", - "trivy image --slow 'nginx:1.16' --security-checks vuln,secret --image-config-scanners secret --skip-update --cache-dir /tmp/trivy/.cache --quiet --format json > /tmp/scan/result_nginx.json && bzip2 -c /tmp/scan/result_nginx.json | base64", + "trivy image nginx:1.16 --cache-dir /tmp/trivy/.cache --format json --image-config-scanners secret --quiet --security-checks vuln,secret --skip-update --slow > /tmp/scan/result_nginx.json && bzip2 -c /tmp/scan/result_nginx.json | base64 && sync", }, Resources: corev1.ResourceRequirements{ Requests: corev1.ResourceList{ @@ -1834,7 +1834,7 @@ default ignore = false`, }, Args: []string{ "-c", - "trivy image --slow 'mirror.io/library/nginx:1.16' --security-checks vuln,secret --image-config-scanners secret --skip-update --cache-dir /tmp/trivy/.cache --quiet --format json > /tmp/scan/result_nginx.json && bzip2 -c /tmp/scan/result_nginx.json | base64", + "trivy image mirror.io/library/nginx:1.16 --cache-dir /tmp/trivy/.cache --format json --image-config-scanners secret --quiet --security-checks vuln,secret --skip-update --slow > /tmp/scan/result_nginx.json && bzip2 -c /tmp/scan/result_nginx.json | base64 && sync", }, Resources: corev1.ResourceRequirements{ Requests: corev1.ResourceList{ @@ -2122,7 +2122,7 @@ default ignore = false`, }, Args: []string{ "-c", - "trivy image --slow 'nginx:1.16' --security-checks vuln,secret --image-config-scanners secret --skip-update --cache-dir /tmp/trivy/.cache --quiet --format json > /tmp/scan/result_nginx.json && bzip2 -c /tmp/scan/result_nginx.json | base64", + "trivy image nginx:1.16 --cache-dir /tmp/trivy/.cache --format json --image-config-scanners secret --quiet --security-checks vuln,secret --skip-update --slow > /tmp/scan/result_nginx.json && bzip2 -c /tmp/scan/result_nginx.json | base64 && sync", }, Resources: corev1.ResourceRequirements{ Requests: corev1.ResourceList{ 
@@ -2354,7 +2354,7 @@ default ignore = false`, }, Args: []string{ "-c", - "trivy image --slow 'nginx:1.16' --security-checks vuln,secret --image-config-scanners secret --cache-dir /tmp/trivy/.cache --quiet --format json --server 'http://trivy.trivy:4954' > /tmp/scan/result_nginx.json && bzip2 -c /tmp/scan/result_nginx.json | base64", + "trivy image nginx:1.16 --cache-dir /tmp/trivy/.cache --format json --image-config-scanners secret --quiet --security-checks vuln,secret --server http://trivy.trivy:4954 --slow > /tmp/scan/result_nginx.json && bzip2 -c /tmp/scan/result_nginx.json | base64 && sync", }, Resources: corev1.ResourceRequirements{ Requests: corev1.ResourceList{ @@ -2583,7 +2583,7 @@ default ignore = false`, }, Args: []string{ "-c", - "trivy image --slow 'nginx:1.16' --security-checks vuln,secret --image-config-scanners secret --cache-dir /tmp/trivy/.cache --quiet --format json --server 'http://trivy.trivy:4954' > /tmp/scan/result_nginx.json && bzip2 -c /tmp/scan/result_nginx.json | base64", + "trivy image nginx:1.16 --cache-dir /tmp/trivy/.cache --format json --image-config-scanners secret --quiet --security-checks vuln,secret --server http://trivy.trivy:4954 --slow > /tmp/scan/result_nginx.json && bzip2 -c /tmp/scan/result_nginx.json | base64 && sync", }, Resources: corev1.ResourceRequirements{ Requests: corev1.ResourceList{ 
@@ -2817,7 +2817,7 @@ default ignore = false`, }, Args: []string{ "-c", - "trivy image --slow 'poc.myregistry.harbor.com.pl/nginx:1.16' --security-checks vuln,secret --image-config-scanners secret --cache-dir /tmp/trivy/.cache --quiet --format json --server 'https://trivy.trivy:4954' > /tmp/scan/result_nginx.json && bzip2 -c /tmp/scan/result_nginx.json | base64", + "trivy image poc.myregistry.harbor.com.pl/nginx:1.16 --cache-dir /tmp/trivy/.cache --format json --image-config-scanners secret --quiet --security-checks vuln,secret --server https://trivy.trivy:4954 --slow > /tmp/scan/result_nginx.json && bzip2 -c /tmp/scan/result_nginx.json | base64 && sync", }, Resources: corev1.ResourceRequirements{ Requests: corev1.ResourceList{ @@ -3051,7 +3051,7 @@ default ignore = false`, }, Args: []string{ "-c", - "trivy image --slow 'poc.myregistry.harbor.com.pl/nginx:1.16' --security-checks vuln --cache-dir /tmp/trivy/.cache --quiet --format json --server 'http://trivy.trivy:4954' > /tmp/scan/result_nginx.json && bzip2 -c /tmp/scan/result_nginx.json | base64", + "trivy image poc.myregistry.harbor.com.pl/nginx:1.16 --cache-dir /tmp/trivy/.cache --format json --quiet --security-checks vuln --server http://trivy.trivy:4954 --slow > /tmp/scan/result_nginx.json && bzip2 -c /tmp/scan/result_nginx.json | base64 && sync", }, Resources: corev1.ResourceRequirements{ Requests: corev1.ResourceList{ 
@@ -3305,7 +3305,7 @@ CVE-2019-1543`, }, Args: []string{ "-c", - "trivy image --slow 'nginx:1.16' --security-checks secret --image-config-scanners secret --cache-dir /tmp/trivy/.cache --quiet --format json --server 'http://trivy.trivy:4954' > /tmp/scan/result_nginx.json && bzip2 -c /tmp/scan/result_nginx.json | base64", + "trivy image nginx:1.16 --cache-dir /tmp/trivy/.cache --format json --image-config-scanners secret --quiet --security-checks secret --server http://trivy.trivy:4954 --slow > /tmp/scan/result_nginx.json && bzip2 -c /tmp/scan/result_nginx.json | base64 && sync", }, Resources: corev1.ResourceRequirements{ Requests: corev1.ResourceList{ @@ -3565,7 +3565,7 @@ default ignore = false`, }, Args: []string{ "-c", - "trivy image --slow 'nginx:1.16' --security-checks secret --image-config-scanners secret --cache-dir /tmp/trivy/.cache --quiet --format json --server 'http://trivy.trivy:4954' > /tmp/scan/result_nginx.json && bzip2 -c /tmp/scan/result_nginx.json | base64", + "trivy image nginx:1.16 --cache-dir /tmp/trivy/.cache --format json --image-config-scanners secret --quiet --security-checks secret --server http://trivy.trivy:4954 --slow > /tmp/scan/result_nginx.json && bzip2 -c /tmp/scan/result_nginx.json | base64 && sync", }, Resources: corev1.ResourceRequirements{ Requests: corev1.ResourceList{ 
@@ -3800,7 +3800,7 @@ default ignore = false`, }, Args: []string{ "-c", - "trivy image --slow 'nginx:1.16' --security-checks vuln,secret --image-config-scanners secret --cache-dir /tmp/trivy/.cache --quiet --format json --server 'http://trivy.trivy:4954' > /tmp/scan/result_nginx.json && bzip2 -c /tmp/scan/result_nginx.json | base64", + "trivy image nginx:1.16 --cache-dir /tmp/trivy/.cache --format json --image-config-scanners secret --quiet --security-checks vuln,secret --server http://trivy.trivy:4954 --slow > /tmp/scan/result_nginx.json && bzip2 -c /tmp/scan/result_nginx.json | base64 && sync", }, Resources: corev1.ResourceRequirements{ Requests: corev1.ResourceList{ @@ -5416,7 +5416,7 @@ default ignore = false`, }, Args: []string{ "-c", - "trivy image --slow '000000000000.dkr.ecr.eu-west-1.amazonaws.com/nginx:1.16' --security-checks vuln,secret --image-config-scanners secret --skip-update --cache-dir /tmp/trivy/.cache --quiet --format json > /tmp/scan/result_nginx.json && bzip2 -c /tmp/scan/result_nginx.json | base64", + "trivy image 000000000000.dkr.ecr.eu-west-1.amazonaws.com/nginx:1.16 --cache-dir /tmp/trivy/.cache --format json --image-config-scanners secret --quiet --security-checks vuln,secret --skip-update --slow > /tmp/scan/result_nginx.json && bzip2 -c /tmp/scan/result_nginx.json | base64 && sync", }, Resources: corev1.ResourceRequirements{ Requests: corev1.ResourceList{ 
@@ -5731,7 +5731,7 @@ default ignore = false`, }, Args: []string{ "-c", - "trivy image --slow 'nginx:1.16' --security-checks vuln,secret --image-config-scanners secret --skip-update --cache-dir /tmp/trivy/.cache --quiet --format json > /tmp/scan/result_nginx.json && bzip2 -c /tmp/scan/result_nginx.json | base64", + "trivy image nginx:1.16 --cache-dir /tmp/trivy/.cache --format json --image-config-scanners secret --quiet --security-checks vuln,secret --skip-update --slow > /tmp/scan/result_nginx.json && bzip2 -c /tmp/scan/result_nginx.json | base64 && sync", }, Resources: corev1.ResourceRequirements{ Requests: corev1.ResourceList{ @@ -6048,7 +6048,7 @@ default ignore = false`, }, Args: []string{ "-c", - "trivy image --slow 'mirror.io/library/nginx:1.16' --security-checks vuln,secret --image-config-scanners secret --skip-update --cache-dir /tmp/trivy/.cache --quiet --format json > /tmp/scan/result_nginx.json && bzip2 -c /tmp/scan/result_nginx.json | base64", + "trivy image mirror.io/library/nginx:1.16 --cache-dir /tmp/trivy/.cache --format json --image-config-scanners secret --quiet --security-checks vuln,secret --skip-update --slow > /tmp/scan/result_nginx.json && bzip2 -c /tmp/scan/result_nginx.json | base64 && sync", }, Resources: corev1.ResourceRequirements{ Requests: corev1.ResourceList{ diff --git a/tests/envtest/testdata/fixture/cronjob-expected-scan.yaml b/tests/envtest/testdata/fixture/cronjob-expected-scan.yaml index 21991c7ba..c5abe8ff2 100644 --- a/tests/envtest/testdata/fixture/cronjob-expected-scan.yaml +++ b/tests/envtest/testdata/fixture/cronjob-expected-scan.yaml 
@@ -47,7 +47,7 @@ spec: containers: - args: - -c - - trivy image --slow 'busybox:1.28' --security-checks vuln,secret --image-config-scanners secret --skip-update --cache-dir /tmp/trivy/.cache --quiet --format json > /tmp/scan/result_hello.json && bzip2 -c /tmp/scan/result_hello.json | base64 + - trivy image busybox:1.28 --cache-dir /tmp/trivy/.cache --format json --image-config-scanners secret --quiet --security-checks vuln,secret --skip-update --slow > /tmp/scan/result_hello.json && bzip2 -c /tmp/scan/result_hello.json | base64 && sync command: - /bin/sh env: diff --git a/tests/envtest/testdata/fixture/daemonset-expected-scan.yaml b/tests/envtest/testdata/fixture/daemonset-expected-scan.yaml index 694b9ab57..26686445a 100644 --- a/tests/envtest/testdata/fixture/daemonset-expected-scan.yaml +++ b/tests/envtest/testdata/fixture/daemonset-expected-scan.yaml @@ -47,7 +47,7 @@ spec: containers: - args: - -c - - trivy image --slow 'quay.io/fluentd_elasticsearch/fluentd:v2.5.2' --security-checks vuln,secret --image-config-scanners secret --skip-update --cache-dir /tmp/trivy/.cache --quiet --format json > /tmp/scan/result_fluentd-elasticsearch.json && bzip2 -c /tmp/scan/result_fluentd-elasticsearch.json | base64 + - trivy image quay.io/fluentd_elasticsearch/fluentd:v2.5.2 --cache-dir /tmp/trivy/.cache --format json --image-config-scanners secret --quiet --security-checks vuln,secret --skip-update --slow > /tmp/scan/result_fluentd-elasticsearch.json && bzip2 -c /tmp/scan/result_fluentd-elasticsearch.json | base64 && sync command: - /bin/sh env: diff --git a/tests/envtest/testdata/fixture/job-expected-scan.yaml b/tests/envtest/testdata/fixture/job-expected-scan.yaml index beef61500..1d2f7fd94 100644 --- a/tests/envtest/testdata/fixture/job-expected-scan.yaml +++ b/tests/envtest/testdata/fixture/job-expected-scan.yaml 
@@ -47,7 +47,7 @@ spec: containers: - args: - -c - - trivy image --slow 'perl:5.34' --security-checks vuln,secret --image-config-scanners secret --skip-update --cache-dir /tmp/trivy/.cache --quiet --format json > /tmp/scan/result_pi.json && bzip2 -c /tmp/scan/result_pi.json | base64 + - trivy image perl:5.34 --cache-dir /tmp/trivy/.cache --format json --image-config-scanners secret --quiet --security-checks vuln,secret --skip-update --slow > /tmp/scan/result_pi.json && bzip2 -c /tmp/scan/result_pi.json | base64 && sync command: - /bin/sh env: diff --git a/tests/envtest/testdata/fixture/pod-expected-scan.yaml b/tests/envtest/testdata/fixture/pod-expected-scan.yaml index b75434c50..510f2722d 100644 --- a/tests/envtest/testdata/fixture/pod-expected-scan.yaml +++ b/tests/envtest/testdata/fixture/pod-expected-scan.yaml @@ -47,7 +47,7 @@ spec: containers: - args: - -c - - trivy image --slow 'app-image:app-image-tag' --security-checks vuln,secret --image-config-scanners secret --skip-update --cache-dir /tmp/trivy/.cache --quiet --format json > /tmp/scan/result_app.json && bzip2 -c /tmp/scan/result_app.json | base64 + - trivy image app-image:app-image-tag --cache-dir /tmp/trivy/.cache --format json --image-config-scanners secret --quiet --security-checks vuln,secret --skip-update --slow > /tmp/scan/result_app.json && bzip2 -c /tmp/scan/result_app.json | base64 && sync command: - /bin/sh env: diff --git a/tests/envtest/testdata/fixture/replicaset-expected-scan.yaml b/tests/envtest/testdata/fixture/replicaset-expected-scan.yaml index 9466cadc4..5bbcb8f57 100644 --- a/tests/envtest/testdata/fixture/replicaset-expected-scan.yaml +++ b/tests/envtest/testdata/fixture/replicaset-expected-scan.yaml 
@@ -47,7 +47,7 @@ spec: containers: - args: - -c - - trivy image --slow 'wordpress:4.9' --security-checks vuln,secret --image-config-scanners secret --skip-update --cache-dir /tmp/trivy/.cache --quiet --format json > /tmp/scan/result_wordpress.json && bzip2 -c /tmp/scan/result_wordpress.json | base64 + - trivy image wordpress:4.9 --cache-dir /tmp/trivy/.cache --format json --image-config-scanners secret --quiet --security-checks vuln,secret --skip-update --slow > /tmp/scan/result_wordpress.json && bzip2 -c /tmp/scan/result_wordpress.json | base64 && sync command: - /bin/sh env: diff --git a/tests/envtest/testdata/fixture/replicationcontroller-expected-scan.yaml b/tests/envtest/testdata/fixture/replicationcontroller-expected-scan.yaml index 7830e60e0..bca3ad535 100644 --- a/tests/envtest/testdata/fixture/replicationcontroller-expected-scan.yaml +++ b/tests/envtest/testdata/fixture/replicationcontroller-expected-scan.yaml @@ -47,7 +47,7 @@ spec: containers: - args: - -c - - trivy image --slow 'nginx' --security-checks vuln,secret --image-config-scanners secret --skip-update --cache-dir /tmp/trivy/.cache --quiet --format json > /tmp/scan/result_nginx.json && bzip2 -c /tmp/scan/result_nginx.json | base64 + - trivy image nginx --cache-dir /tmp/trivy/.cache --format json --image-config-scanners secret --quiet --security-checks vuln,secret --skip-update --slow > /tmp/scan/result_nginx.json && bzip2 -c /tmp/scan/result_nginx.json | base64 && sync command: - /bin/sh env: diff --git a/tests/envtest/testdata/fixture/statefulset-expected-scan.yaml b/tests/envtest/testdata/fixture/statefulset-expected-scan.yaml index fb56b69eb..8dcf22e88 100644 --- a/tests/envtest/testdata/fixture/statefulset-expected-scan.yaml +++ b/tests/envtest/testdata/fixture/statefulset-expected-scan.yaml 
@@ -47,7 +47,7 @@ spec: containers: - args: - -c - - trivy image --slow 'k8s.gcr.io/nginx-slim:0.8' --security-checks vuln,secret --image-config-scanners secret --skip-update --cache-dir /tmp/trivy/.cache --quiet --format json > /tmp/scan/result_nginx.json && bzip2 -c /tmp/scan/result_nginx.json | base64 + - trivy image k8s.gcr.io/nginx-slim:0.8 --cache-dir /tmp/trivy/.cache --format json --image-config-scanners secret --quiet --security-checks vuln,secret --skip-update --slow > /tmp/scan/result_nginx.json && bzip2 -c /tmp/scan/result_nginx.json | base64 && sync command: - /bin/sh env: