Input formats not respected if env var is already set #438
Comments
|
This is a big issue since it doesn't allow to run the action multiple times in the same workflow. If you do multiple types of scans separately using this action, it requires sanitizing For example: echo "TRIVY_OUTPUT=" >> $GITHUB_ENV
echo "TRIVY_SKIP_DIRS=" >> $GITHUB_ENV
echo "TRIVY_SKIP_FILES=" >> $GITHUB_ENV
echo "TRIVY_SKIP_FILES=table" >> $GITHUB_ENV |
|
Likely related to what I encountered some time ago here #422 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Problem
There is an issue with the current action if you run multiple Trivy actions in a row. It will not respect the inputs as it will not set the env var if the env var if the input value is a different value. However, if the env var already has a different value than the default and you try to set it to a default value, it will not work.
Scenario
Here is a scenario: You first run Trivy scan with sarif format, and then you run with table format:
Then then the second scan will not use format table, as it uses the previously set env var: TRIVY_FORMAT: sarif.
Tests
Here is a workflow run that shows the issue:
input format: table
https://github.com/david-marconis/trivy-ignore-bug/actions/runs/12065562387/job/33644593462#step:3:6
env TRIVY_FORMAT: sarif
https://github.com/david-marconis/trivy-ignore-bug/actions/runs/12065562387/job/33644593462#step:3:20
log indicating sarif mode:
https://github.com/david-marconis/trivy-ignore-bug/actions/runs/12065562387/job/33644593462#step:3:159
Fixed by this PR:
#437
The text was updated successfully, but these errors were encountered: