-
Notifications
You must be signed in to change notification settings - Fork 2.4k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
feat(misconf): Improve misconfig scanner logging experience #5551
Comments
I think it's also worth fixing the logging in trivy-iac (ran with this patch #5550) 2023-11-10T13:25:19.762+0700 DEBUG [misconf] 25:19.762136000 rego.scanner Overriding filesystem for policies!
2023-11-10T13:25:19.792+0700 DEBUG [misconf] 25:19.792068000 rego.scanner Loaded 189 policies from disk.
2023-11-10T13:25:19.792+0700 DEBUG [misconf] 25:19.792415000 rego.scanner Overriding filesystem for data!
2023-11-10T13:25:20.096+0700 DEBUG [misconf] 25:20.096401000 helm.scanner Processing rendered chart file: templates/serviceaccount.yaml
2023-11-10T13:25:20.096+0700 DEBUG [misconf] 25:20.096495000 rego.scanner Scanning 1 inputs...
2023-11-10T13:25:20.246+0700 DEBUG [misconf] 25:20.246132000 helm.scanner Processing rendered chart file: templates/service.yaml
2023-11-10T13:25:20.246+0700 DEBUG [misconf] 25:20.246235000 rego.scanner Scanning 1 inputs...
2023-11-10T13:25:20.409+0700 DEBUG [misconf] 25:20.409735000 helm.scanner Processing rendered chart file: templates/deployment.yaml
2023-11-10T13:25:20.409+0700 DEBUG [misconf] 25:20.409920000 rego.scanner Scanning 1 inputs... |
@nikpivkin What do you propose that we should change? Could you provide a small desired output? |
I forgot to clarify, I meant that the logs contain a large indentation between the scanner type and the message. |
I think that's from here - it's something all logger prints should have or is it not? It seems fine to me as is. |
https://github.com/aquasecurity/trivy/blob/main/pkg/cloud/aws/scanner/progress.go#L72 trivy aws --endpoint http://localhost:4566 --region us-east-1 --service s3 --update-cache -q
[1/32] Scanning accessanalyzer...
[2/32] Scanning api-gateway...
[3/32] Scanning athena...
[4/32] Scanning cloudfront...
[5/32] Scanning cloudtrail...
[6/32] Scanning cloudwatch...
[7/32] Scanning codebuild...
[8/32] Scanning documentdb...
[9/32] Scanning dynamodb...
[10/32] Scanning ec2...
[11/32] Scanning ecr...
[12/32] Scanning ecs...
[13/32] Scanning efs... |
Description
Currently there are a few places where the misconfiguration engine (defsec, trivy-iac, et al.) don't necessarily integrate well with the Trivy logging options (for e.g.
--quiet
and--debug
).One instance of this problem is documented in a fix here. In this case, passing
--debug
didn't enable debug logging within the defsec engine, hence missing some important messages from the engine.Action items
The text was updated successfully, but these errors were encountered: