Commit
fix(sgtrivy): do not scan yaml files
Trivy has multiple scanners that look for different file formats and try to scan them. For example, there is a Kubernetes scanner that will find certain of our generated YAML files and incorrectly interpret them as Kubernetes files. Then it will find Kubernetes security issues with those files. We should in general only be interested in scanning Terraform files. As a way to prevent Trivy from scanning other files, we're here using the --skip-files directive. Examples of how to use --skip-files can be found here: https://github.com/aquasecurity/trivy/blob/6f03c79405e7d3f77dac0c70c265d972a63ba629/docs/docs/configuration/skipping.md?plain=1#L18