fix(repo): git CLI output mangles stdout #7547

Open
knqyf263 opened this issue Sep 19, 2024 Discussed in #7544 · 2 comments · May be fixed by #7561
Labels
good first issue Denotes an issue ready for a new contributor, according to the "help wanted" guidelines. help wanted Denotes an issue that needs help from a contributor. Must meet "help wanted" guidelines. kind/bug Categorizes issue or PR as related to a bug. target/repository Issues relating to VCS repository scanning

@knqyf263
Collaborator

Description

When scanning a git repository with trivy repo, the progress of git clone is written to standard output, resulting in a parse error.

❯ trivy repository --format cyclonedx --scanners vuln file://. --debug | jq
2024-09-18T15:26:30-07:00	DEBUG	Cache dir	dir="/Users/patcal04/Library/Caches/trivy"
2024-09-18T15:26:30-07:00	DEBUG	Parsed severities	severities=[UNKNOWN LOW MEDIUM HIGH CRITICAL]
2024-09-18T15:26:30-07:00	DEBUG	Ignore statuses	statuses=[]
2024-09-18T15:26:30-07:00	DEBUG	DB update was skipped because the local DB is the latest
2024-09-18T15:26:30-07:00	DEBUG	DB info	schema=2 updated_at=2024-09-18T18:13:21.187484554Z next_update=2024-09-19T00:13:21.187484163Z downloaded_at=2024-09-18T20:24:17.597058Z
2024-09-18T15:26:30-07:00	INFO	Vulnerability scanning is enabled
2024-09-18T15:26:30-07:00	DEBUG	Vulnerability type	type=[library]
2024-09-18T15:26:30-07:00	DEBUG	Enabling misconfiguration scanners	scanners=[azure-arm cloudformation dockerfile helm kubernetes terraform terraformplan-json terraformplan-snapshot]
2024-09-18T15:26:30-07:00	DEBUG	Initializing scan cache...	type="memory"
jq: parse error: Invalid numeric literal at line 1, column 12

It should be os.Stderr.

Progress: os.Stdout,

Discussed in #7544

@knqyf263 knqyf263 added kind/bug Categorizes issue or PR as related to a bug. help wanted Denotes an issue that needs help from a contributor. Must meet "help wanted" guidelines. good first issue Denotes an issue ready for a new contributor, according to the "help wanted" guidelines. target/repository Issues relating to VCS repository scanning labels Sep 19, 2024
@dangogh

dangogh commented Sep 19, 2024

I can see a way to add a test for this (wrapper around NewArtifact that checks stdout). Is that the expectation? Or simply change to stderr?

@dangogh dangogh linked a pull request Sep 19, 2024 that will close this issue
@knqyf263
Collaborator Author

It would be great if you write a test, but it's not required.
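
The kind of stdout check discussed in this thread, as an added example (not Trivy's code or its test suite): it captures stdout around a scan and verifies that it holds only valid JSON. `fakeRepoScan`, `captureStdout` and `stdoutIsCleanJSON` are hypothetical names, and the progress line and JSON report are constructed samples.

```go
package main

import (
	"encoding/json"
	"fmt"
	"io"
	"os"
)

// fakeRepoScan is a hypothetical stand-in for a repository scan: clone
// progress goes to the given writer, the JSON report goes to stdout.
func fakeRepoScan(progress io.Writer) {
	fmt.Fprintln(progress, "Enumerating objects: 42, done.") // constructed sample
	fmt.Fprintln(os.Stdout, `{"bomFormat":"CycloneDX","components":[]}`)
}

// captureStdout runs fn with os.Stdout redirected into a pipe and returns
// every byte fn wrote to it.
func captureStdout(fn func()) []byte {
	r, w, err := os.Pipe()
	if err != nil {
		panic(err)
	}
	defer r.Close()
	orig := os.Stdout
	os.Stdout = w
	done := make(chan []byte)
	// Drain concurrently so a large report cannot fill the pipe and block fn.
	go func() { b, _ := io.ReadAll(r); done <- b }()
	fn()
	os.Stdout = orig
	w.Close() // signals EOF to the reader goroutine
	return <-done
}

// stdoutIsCleanJSON reports whether stdout holds nothing but one valid JSON
// document after a scan that sends progress to the chosen stream.
func stdoutIsCleanJSON(progressToStdout bool) bool {
	return json.Valid(captureStdout(func() {
		progress := io.Writer(os.Stderr)
		if progressToStdout {
			progress = os.Stdout // read after the redirect, so this is the pipe
		}
		fakeRepoScan(progress)
	}))
}

func main() {
	fmt.Println("stdout:", stdoutIsCleanJSON(true), "stderr:", stdoutIsCleanJSON(false))
}
```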
