Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

fix(terraform): do not scan local modules as root modules #34

Merged
merged 6 commits into from
Nov 1, 2023

Conversation

nikpivkin
Copy link
Collaborator

@nikpivkin nikpivkin commented Oct 20, 2023

@nikpivkin nikpivkin marked this pull request as ready for review October 25, 2023 05:11
@nikpivkin nikpivkin requested a review from simar7 as a code owner October 25, 2023 05:11
@simar7
Copy link
Member

simar7 commented Oct 26, 2023

@nikpivkin could you rebase this again? Sorry but a couple of other PRs got merged prior to this that caused it.

@nikpivkin
Copy link
Collaborator Author

@simar7 Done.

}

func Test_ScanRemoteModule(t *testing.T) {
fs := testutil.CreateFS(t, map[string]string{
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I assume would be an integration test as it will require external resources?

In that case, can we guard this behind a flag and use t.Skip() if integration flag isn't set?

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Do you mean using the build tag "integration" to run integration tests: go test -tags=integration? Or what flag do you mean?

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yes, I meant that as it is an integration test.

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@simar7 Should we be able to run unit and integration tests separately? Or only be able to skip integration tests?

}

func Test_ScanChildUseRemoteModule(t *testing.T) {
fs := testutil.CreateFS(t, map[string]string{
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

ditto, maybe we need to move these tests into scanner_integration_test.go that uses goflags to guard?

@nikpivkin nikpivkin requested a review from simar7 October 31, 2023 10:44
@simar7 simar7 merged commit b08cb85 into aquasecurity:main Nov 1, 2023
3 checks passed
@bkonicek-calm
Copy link

Thanks @nikpivkin ! I'm new to using Trivy so this might be a silly question, but how do I actually use the latest release of trivy-iac that includes this fix? I see the latest version of Trivy was released ~4 days ago and I'm not entirely sure how this repo hooks in to the Trivy CLI.

@simar7
Copy link
Member

simar7 commented Nov 1, 2023

Thanks @nikpivkin ! I'm new to using Trivy so this might be a silly question, but how do I actually use the latest release of trivy-iac that includes this fix? I see the latest version of Trivy was released ~4 days ago and I'm not entirely sure how this repo hooks in to the Trivy CLI.

Trivy-iac is part of a bigger defsec refactor that will be released when aquasecurity/trivy#5245 is merged.

We are working on documentation as part of the refactor that will help explain.

@nikpivkin nikpivkin deleted the fix/root-modules branch November 2, 2023 10:04
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

bug(terraform): Trivy does not scan remote modules
3 participants