Pin trivy default to v0.57.1 #295

Merged
merged 1 commit into from
Dec 11, 2024

@richgreen-moj richgreen-moj commented Dec 10, 2024

What/Why?

The default version of Trivy was set to latest, and recently we have been encountering errors like this:

panic: value is null

goroutine 1 [running]:
github.com/zclconf/go-cty/cty.Value.AsString({{{0x58f5110?, 0xc0003092b1?}}, {0x0?, 0x0?}})
	/home/runner/go/pkg/mod/github.com/zclconf/[email protected]/cty/value_ops.go:1390 +0x10b

There seem to be a lot of changes in the latest release v0.58.0 with regards to how the Go function parses Terraform for Trivy (pkg/iac/scanners/terraform/parser/parser.go), so it could be a bug that's been introduced.

Changes Made

Regardless of the potential bug in the latest release, it seems a good idea to pin the version rather than using latest for stability.

I did try using commit hashes rather than release tags but it didn't play nicely.

The default trivy version has been pinned to v0.57.1

Tests

I've run this against the MP static analysis full scan job, which was failing with the error but works now: https://github.com/ministryofjustice/modernisation-platform/actions/runs/12275185943/job/34249712685

@richgreen-moj richgreen-moj marked this pull request as ready for review December 11, 2024 09:57
@richgreen-moj richgreen-moj requested a review from a team as a code owner December 11, 2024 09:57

@connormaglynn connormaglynn left a comment

🚀 Looks Good To Me!

@richgreen-moj richgreen-moj merged commit db1a548 into main Dec 11, 2024
3 checks passed
@richgreen-moj richgreen-moj deleted the fix/pin-trivy-default branch December 11, 2024 12:07
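
An added example, not part of this pull request or the project's code: a small audit that flags floating references such as `latest` in a workflow file, the condition this change removes for the Trivy default. The workflow text, the `example-org/scan-action` name and the `trivy_version` input name are constructed assumptions, since the page does not show the action's inputs.

```python
import re

# Constructed sample workflow. The input name `trivy_version` and the action
# `example-org/scan-action` are assumptions made for this example.
SAMPLE_WORKFLOW = """\
jobs:
  scan:
    steps:
      - uses: actions/checkout@v4
      - uses: example-org/scan-action@0123456789abcdef0123456789abcdef01234567
        with:
          trivy_version: latest
      - uses: example-org/scan-action@main
        with:
          trivy_version: v0.57.1
"""

SHA_RE = re.compile(r"^[0-9a-f]{40}$")            # full commit hash
EXACT_TAG_RE = re.compile(r"^v?\d+\.\d+\.\d+$")   # e.g. v0.57.1
USES_RE = re.compile(r"^\s*-?\s*uses:\s*([^\s@#]+)@([^\s#]+)")
VERSION_RE = re.compile(r"^\s*-?\s*(\w*version)\s*:\s*['\"]?([^'\"\s#]*)")


def classify(ref):
    """Return 'commit', 'exact-tag' or 'floating' for a version or ref string."""
    if SHA_RE.match(ref):
        return "commit"
    if EXACT_TAG_RE.match(ref):
        return "exact-tag"
    return "floating"  # latest, main, v4, empty values, anything else


def audit(workflow_text):
    """Return (line_no, name, ref) for every floating action ref or *version input."""
    findings = []
    for no, line in enumerate(workflow_text.splitlines(), 1):
        m = USES_RE.match(line) or VERSION_RE.match(line)
        if m and classify(m.group(2)) == "floating":
            findings.append((no, m.group(1), m.group(2)))
    return findings


if __name__ == "__main__":
    for no, name, ref in audit(SAMPLE_WORKFLOW):
        print(f"line {no}: {name} -> {ref!r} floats; pin a release tag or commit")
```

Run in CI against the repository's workflow files, a check like this fails the build when a tool version drifts back to a floating value.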