Trivy scan on selected files

[pohanhuangtw]

Question

Issues

I want to scan only the go.mod file in the sbomTrivy folder using Trivy. However, instead of scanning just that file, Trivy scans the entire directory.

Context

The directory structure is as follows:

.
├── go.mod
├── go.sum
├── main.go
├── sbomTrivy
│   ├── go.mod
│   ├── go.sum
│   └── yy.go

I want to scan only sbomTrivy/go.mod.

• When I run trivy fs sbomTrivy, it correctly scans only the sbomTrivy directory.

• But when I run trivy fs --file-patterns "gomod:./sbomTrivy/go.mod" ., it scans the entire directory.

Question

Why does using trivy fs --file-patterns "gomod:./sbomTrivy/go.mod" . cause Trivy to scan the whole directory instead of just the go.mod file in sbomTrivy?

Target

Filesystem

Scanner

None

Output Format

None

Mode

None

Operating System

mac

Version

0.58

[nikpivkin]

Hi @pohanhuangtw !

The file-patterns flag is used to look for files according to a pattern for a specific analyzer (see https://trivy.dev/latest/docs/configuration/skipping/#file-patterns). If you want to scan only sbomTrivy/go.mod then use it as a target.

[knqyf263]

This may be relevant.
#8082

[pohanhuangtw]

Hi @knqyf263,
Thank you for your help. I think the PR is pretty close to what I was expecting, but the main goal is to focus on the path itself, not just the directory.

[pohanhuangtw]

After look into the PR

opt.OnlyDirs can indeed apply to directories; however, this line appears to be used for files as well.
The OnlyPath function is used to determine if the given path (whether file or directory) should be included based on the patterns in opt.OnlyDirs.

How about suggesting rename opt.OnlyDirs to opt.OnlyPaths to indicate it applies to paths (files or directories) rather than directories exclusively.

Will Trivy consider this approach in next release?

[knqyf263]

Actually, introducing --only-dirs in addition to --skip-dirs complicates usage. We need careful discussion about this enhancement. We cannot promise it will be included in the next version.