diff --git a/apps/core/lib/core/services/scan.ex b/apps/core/lib/core/services/scan.ex
index 6a7cc4135..1550a0b05 100644
--- a/apps/core/lib/core/services/scan.ex
+++ b/apps/core/lib/core/services/scan.ex
@@ -14,7 +14,7 @@ defmodule Core.Services.Scan do
 image = "#{registry_name}:#{image.tag}"
 Logger.info "Scanning image #{image}"
- case System.cmd("trivy", ["--quiet", "image", "--format", "json", image, "--timeout", "5m0s"], env: env) do
+ case System.cmd("trivy", ["--quiet", "image", "--format", "json", image, "--timeout", "5m0s"], env: env, stderr_to_stdout: true) do
 {output, 0} ->
 case Jason.decode(output) do
 {:ok, [%{"Vulnerabilities" => vulns} | _]} -> insert_vulns(vulns, img)
diff --git a/apps/core/test/services/scan_test.exs b/apps/core/test/services/scan_test.exs
index 75dd5d622..101b0605b 100644
--- a/apps/core/test/services/scan_test.exs
+++ b/apps/core/test/services/scan_test.exs
@@ -10,7 +10,7 @@ defmodule Core.Services.ScanTest do
 image_name = "dkr.plural.sh/#{image.docker_repository.repository.name}/#{image.docker_repository.name}:#{image.tag}"
 vuln = Application.get_env(:core, :vulnerability)
 expect(System, :cmd, fn
- "trivy", ["--quiet", "image", "--format", "json", ^image_name, "--timeout", "5m0s"], [env: [{"TRIVY_REGISTRY_TOKEN", _}]] ->
+ "trivy", ["--quiet", "image", "--format", "json", ^image_name, "--timeout", "5m0s"], [env: [{"TRIVY_REGISTRY_TOKEN", _}], stderr_to_stdout: true] ->
 {~s([{"Vulnerabilities": [#{vuln}]}]), 0}
 end)
@@ -27,7 +27,7 @@ defmodule Core.Services.ScanTest do
 test "it will mark on timeouts" do
 image = insert(:docker_image)
 expect(System, :cmd, fn
- "trivy", ["--quiet", "image", "--format", "json", _, "--timeout", "5m0s"], [env: [{"TRIVY_REGISTRY_TOKEN", _}]] ->
+ "trivy", ["--quiet", "image", "--format", "json", _, "--timeout", "5m0s"], [{:env, [{"TRIVY_REGISTRY_TOKEN", _}]} | _] ->
 {~s(image scan error: scan error: image scan failed: failed analysis: analyze error: timeout: context deadline exceeded), 1}
 end)
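Review bot: With `stderr_to_stdout: true` on the `System.cmd` call, anything trivy writes to stderr during a successful run becomes part of the `output` that the `{output, 0}` branch passes to `Jason.decode/1`, so a single warning line would make a good scan fail to decode. `--quiet` presumably suppresses most of that, but it is not guaranteed across trivy versions; a cleaner split is to have trivy write the report to a file with `--output` and keep the merged stream only for classifying failures. At minimum, add a comment above the call, `# stderr is merged so the failure branch can match on trivy's error text; exit-0 output must still be pure JSON`, and check that the decode-error clause (outside this hunk) records the scan as failed rather than as clean. The merged text can also carry registry authentication errors, so the failure branch should not log or persist it verbatim if that is what it does.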
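Review bot: The timeout test's new pattern `[{:env, [{"TRIVY_REGISTRY_TOKEN", _}]} | _]` accepts any trailing options, so it no longer asserts that `stderr_to_stdout: true` is passed, although this is the case that relies on trivy's error text reaching `output`. Match the options exactly, as the first test in the `-10,7` hunk does: `[env: [{"TRIVY_REGISTRY_TOKEN", _}], stderr_to_stdout: true] ->`. With the loose tail, removing the option later would presumably leave this test green while timeouts stop being recognised at runtime. The test body continues outside the hunk.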