Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

bug(yarn): workspaces are not detected if you scan non project directory #6101

Closed
DmitriyLewen opened this issue Feb 12, 2024 Discussed in #6079 · 0 comments · Fixed by #6102
Closed

bug(yarn): workspaces are not detected if you scan non project directory #6101

DmitriyLewen opened this issue Feb 12, 2024 Discussed in #6079 · 0 comments · Fixed by #6102
Assignees
@DmitriyLewen
Labels
kind/bug Categorizes issue or PR as related to a bug. scan/vulnerability Issues relating to vulnerability scanning

Comments

@DmitriyLewen
Copy link
Contributor

Description

In cases where it is not the project directory that is being scanned, Trivy doesn't detect workspaces.

e.g.:

➜ tree
.
└── foo
    ├── bar
    │   └── generators
    │       └── package.json
    ├── package.json
    └── yarn.lock

➜ trivy -q fs -f json --list-all-pkgs .                
{
  "SchemaVersion": 2,
  "CreatedAt": "2024-02-12T13:32:24.605239+06:00",
  "ArtifactName": ".",
  "ArtifactType": "filesystem",
  "Metadata": {
    "ImageConfig": {
      "architecture": "",
      "created": "0001-01-01T00:00:00Z",
      "os": "",
      "rootfs": {
        "type": "",
        "diff_ids": null
      },
      "config": {}
    }
  }
}

➜ trivy -q fs -f json --list-all-pkgs ./foo | jq '.Results[].Packages'
[
  {
    "ID": "[email protected]",
    "Name": "hoek",
    "Identifier": {
      "PURL": "pkg:npm/[email protected]"
    },
    "Version": "6.1.3",
    "Layer": {},
    "Locations": [
      {
        "StartLine": 5,
        "EndLine": 8
      }
    ]
  }
]

Discussed in #6079
@DmitriyLewen DmitriyLewen added kind/bug Categorizes issue or PR as related to a bug. scan/vulnerability Issues relating to vulnerability scanning labels Feb 12, 2024
@DmitriyLewen DmitriyLewen self-assigned this Feb 12, 2024
@DmitriyLewen DmitriyLewen mentioned this issue Feb 12, 2024
Merged
6 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@DmitriyLewen DmitriyLewen

Labels
kind/bug Categorizes issue or PR as related to a bug. scan/vulnerability Issues relating to vulnerability scanning
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

fix(nodejs): use project dir when searching for workspaces for Yarn.lock files DmitriyLewen/trivy
1 participant
@DmitriyLewen