-
Notifications
You must be signed in to change notification settings - Fork 7
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
fix(terraform): do not scan local modules as root modules #34
Conversation
@nikpivkin could you rebase this again? Sorry but a couple of other PRs got merged prior to this that caused it. |
@simar7 Done. |
} | ||
|
||
func Test_ScanRemoteModule(t *testing.T) { | ||
fs := testutil.CreateFS(t, map[string]string{ |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I assume would be an integration test as it will require external resources?
In that case, can we guard this behind a flag and use t.Skip()
if integration flag isn't set?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Do you mean using the build tag "integration" to run integration tests: go test -tags=integration
? Or what flag do you mean?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yes, I meant that as it is an integration test.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@simar7 Should we be able to run unit and integration tests separately? Or only be able to skip integration tests?
} | ||
|
||
func Test_ScanChildUseRemoteModule(t *testing.T) { | ||
fs := testutil.CreateFS(t, map[string]string{ |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
ditto, maybe we need to move these tests into scanner_integration_test.go
that uses goflags to guard?
2d49a31
to
caeb642
Compare
Thanks @nikpivkin ! I'm new to using Trivy so this might be a silly question, but how do I actually use the latest release of trivy-iac that includes this fix? I see the latest version of Trivy was released ~4 days ago and I'm not entirely sure how this repo hooks in to the Trivy CLI. |
Trivy-iac is part of a bigger defsec refactor that will be released when aquasecurity/trivy#5245 is merged. We are working on documentation as part of the refactor that will help explain. |
Sync with defsec (aquasecurity/defsec#1467).
And fix aquasecurity/trivy#5414 .
Related PRs