Azure DevOps Pipeline + Trivy


We have installed the Trivy extension from the marketplace and are trying to scan cloned repositories to be visualized on its Dashboard. Here is our .yaml:

    trigger:
    - main

    jobs:
    - job: Scan_Repository
      steps:
      - checkout: self
        persistCredentials: true
      - script: |
          git clone https://$(System.AccessToken)@test.visualstudio.com/DefaultCollection/Infra/_git/test
        displayName: 'Clone test Repo'
      - task: trivy@1
        inputs:
          version: 'latest'
          severities: 'CRITICAL,HIGH,MEDIUM'
          path: '$(System.DefaultWorkingDirectory)/test'
          exitCode: 0
        displayName: 'Run Trivy Scan'
      - script: |
          rm -rf $(System.DefaultWorkingDirectory)/test
        displayName: 'Clear local repository'

When we run it we get the below errors:

    ##[error]Failed: Trivy detected problems.
    Publishing JSON results...
    ##[error]Unable to process command '##vso[task.addattachment type=JSON_RESULT;name=trivy0.4340597811797098.json;]/tmp/trivy-results-0.31370319055668205.json' successfully. Please reference documentation (http://go.microsoft.com/fwlink/?LinkId=817296)
    ##[error]Value cannot be null. (Parameter 'Cannot upload task attachment file, attachment file location is not specified or attachment file not exist on disk')
    Done!
    Finishing: Run Trivy Scan

I've also tried to run it under Docker. I can get the HTML file, but not the visualization on its dashboard.

ref: https://github.com/aquasecurity/trivy-azure-pipelines-task

Has anyone had a similar issue, or can anyone help me solve this? I have created an issue on their git, but it doesn't seem to have much activity.

Thanks, regards

Best answer:

If you are running it without Docker, add this to your task:

    docker: false
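
The question's pipeline with the answer's `docker: false` placed under the task's `inputs:`, as an added example that is not part of the original question or answer. Two further changes are assumptions not discussed in the thread: the clone passes the job token as an HTTP header instead of embedding it in the URL (the URL form stores the token in the clone's `.git/config`), and the cleanup step uses `condition: always()`.

```yaml
# Added example, not from the original thread. The repository URL and the
# Trivy input values are copied from the question.
trigger:
- main

jobs:
- job: Scan_Repository
  steps:
  - checkout: self
    persistCredentials: true
  - script: |
      # Assumption (not from the thread): send the job token as an HTTP header
      # so it is not written into the remote URL in test/.git/config.
      git -c http.extraheader="AUTHORIZATION: bearer $(System.AccessToken)" \
        clone https://test.visualstudio.com/DefaultCollection/Infra/_git/test
    displayName: 'Clone test Repo'
  - task: trivy@1
    inputs:
      docker: false   # from the answer: run Trivy without Docker
      version: 'latest'
      severities: 'CRITICAL,HIGH,MEDIUM'
      path: '$(System.DefaultWorkingDirectory)/test'
      exitCode: 0
    displayName: 'Run Trivy Scan'
  - script: |
      rm -rf $(System.DefaultWorkingDirectory)/test
    displayName: 'Clear local repository'
    condition: always()   # assumption: remove the clone even if an earlier step fails
```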