-
Notifications
You must be signed in to change notification settings - Fork 2.4k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
feat(flag): add error when there are no supported security checks #2713
Conversation
pkg/flag/scan_flags.go
Outdated
switch { | ||
case len(securityCheck) == 0: // no checks | ||
return nil | ||
return nil, xerrors.New("no security checks") |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
security-checks
can be empty when generating SBOM
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I didn't think about it. Thanks. Fixed.
pkg/flag/scan_flags.go
Outdated
case len(securityCheck) == 1 && strings.Contains(securityCheck[0], ","): // get checks from flag | ||
securityCheck = strings.Split(securityCheck[0], ",") | ||
} | ||
|
||
var securityChecks []string | ||
for _, v := range securityCheck { | ||
if !slices.Contains(types.SecurityChecks, v) { | ||
log.Logger.Warnf("unknown security check: %s", v) | ||
continue | ||
return nil, xerrors.New(fmt.Sprintf("unknown security check: %s", v)) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
return nil, xerrors.New(fmt.Sprintf("unknown security check: %s", v)) | |
return nil, xerrors.Errorf("unknown security check: %s", v) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Done
Description
Trivy doesn't stop scan if
--security-checks
flag has only unsupported values.We need to return error when parsing the flags.
Before:
After:
Checklist