
Commit f2e2610

committed
Enhance run_trivy.sh to skip large log files and node_modules during scans
- Updated run_trivy.sh to include options for skipping large log files and node_modules, reducing memory issues during vulnerability scans. - Improved logging by redirecting output to the log file while maintaining error visibility for report generation failures.
1 parent f6722cf commit f2e2610

1 file changed

Lines changed: 7 additions & 6 deletions


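--- a/scripts/tools/run_trivy.sh
+++ b/scripts/tools/run_trivy.sh
@@ -26,20 +26,21 @@ if command -v trivy &>/dev/null; then
 TRIVY_TEXT="$RESULTS_DIR/trivy.txt"
 
 # Deep scan with all vulnerability databases and comprehensive checks
+# Skip large log files and node_modules to avoid memory issues
 echo "[run_trivy.sh][Trivy] Running comprehensive vulnerability scan..." | tee -a "$LOG_FILE"
-trivy "$TRIVY_SCAN_TYPE" --config "$TRIVY_CONFIG_PATH" --format json -o "$TRIVY_JSON" --severity HIGH,CRITICAL,MEDIUM,LOW --scanners vuln,secret,config "$TARGET_PATH" 2>/dev/null || {
-echo "[run_trivy.sh][Trivy] JSON report generation failed." >> "$LOG_FILE"
+trivy "$TRIVY_SCAN_TYPE" --config "$TRIVY_CONFIG_PATH" --format json -o "$TRIVY_JSON" --severity HIGH,CRITICAL,MEDIUM,LOW --scanners vuln,secret,config --skip-files "**/*.log" --skip-dirs "*/node_modules" "$TARGET_PATH" 2>&1 | tee -a "$LOG_FILE" || {
+echo "[run_trivy.sh][Trivy] JSON report generation failed." | tee -a "$LOG_FILE"
 }
 
 # Generate detailed text report with all severities
-trivy "$TRIVY_SCAN_TYPE" --config "$TRIVY_CONFIG_PATH" --format table -o "$TRIVY_TEXT" --severity HIGH,CRITICAL,MEDIUM,LOW --scanners vuln,secret,config "$TARGET_PATH" 2>/dev/null || {
-echo "[run_trivy.sh][Trivy] Text report generation failed." >> "$LOG_FILE"
+trivy "$TRIVY_SCAN_TYPE" --config "$TRIVY_CONFIG_PATH" --format table -o "$TRIVY_TEXT" --severity HIGH,CRITICAL,MEDIUM,LOW --scanners vuln,secret,config --skip-files "**/*.log" --skip-dirs "*/node_modules" "$TARGET_PATH" 2>&1 | tee -a "$LOG_FILE" || {
+echo "[run_trivy.sh][Trivy] Text report generation failed." | tee -a "$LOG_FILE"
 }
 
 # Additional deep scan for secrets and misconfigurations
 echo "[run_trivy.sh][Trivy] Running additional secrets and misconfiguration scan..." | tee -a "$LOG_FILE"
-trivy "$TRIVY_SCAN_TYPE" --scanners secret,config --format json -o "$RESULTS_DIR/trivy-secrets-config.json" "$TARGET_PATH" 2>/dev/null || {
-echo "[run_trivy.sh][Trivy] Secrets/config scan failed." >> "$LOG_FILE"
+trivy "$TRIVY_SCAN_TYPE" --scanners secret,config --format json -o "$RESULTS_DIR/trivy-secrets-config.json" --skip-files "**/*.log" --skip-dirs "*/node_modules" "$TARGET_PATH" 2>&1 | tee -a "$LOG_FILE" || {
+echo "[run_trivy.sh][Trivy] Secrets/config scan failed." | tee -a "$LOG_FILE"
 }
 
 if [ -f "$TRIVY_JSON" ] || [ -f "$TRIVY_TEXT" ]; then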
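Review bot: Piping each `trivy` invocation through `tee -a "$LOG_FILE" || { ... }` makes the failure branch depend on tee's exit status, not trivy's, so unless the script enables `set -o pipefail` somewhere above this hunk (not visible here) the three "report generation failed" / "scan failed" messages can no longer fire when trivy itself exits non-zero. Either add `set -o pipefail` near the top of the script, or test the scanner's own status after each pipeline, e.g. `if [ "${PIPESTATUS[0]}" -ne 0 ]; then echo "[run_trivy.sh][Trivy] JSON report generation failed." | tee -a "$LOG_FILE"; fi`, for all three invocations. Note also that `--skip-files "**/*.log"` applies to the `secret` scanner as well, so secrets leaked into log files under `$TARGET_PATH` will no longer be reported; a comment stating that trade-off next to the new `# Skip large log files ...` line would help the next maintainer. The enclosing `if command -v trivy` block begins before this hunk and the final `if [ -f "$TRIVY_JSON" ]` continues past it.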
