feat(misconf): Adding support for detecting misconfigurations in docker-compose.yml natively · Issue #8729 · aquasecurity/trivy · GitHub
Open
@simar7

Description

Discussed in #6179

Originally posted by matej-kaska February 21, 2024

Question

Hello,

I've encountered an issue where Trivy doesn't seem to detect any misconfigurations in my docker-compose.yml file (as it should like in this example). I've attempted several approaches to ensure the file is scanned properly, but the output consistently indicates that no config files were detected for scanning.

Background:
I'm using Trivy to scan my project for vulnerabilities and misconfigurations, including Dockerfiles and the docker-compose.yml in GitHub Actions. The scans for Dockerfiles work as expected, identifying vulnerabilities and misconfigurations. However, when it comes to the docker-compose.yml file, Trivy doesn't report any findings.

Steps Taken:

  • Firstly, I tried scanning the entire project directory using trivy fs --security-checks vuln,config ., expecting it to pick up the docker-compose.yml. The log indicated that the scan was performed, but no config files were detected.
  • Secondly, I tried scanning just the config file: trivy config docker-compose.yml
  • Thirdly, I created a folder "test", copied the docker-compose.yml to the folder and ran trivy conf ./test
  • Lastly, I tried renaming "docker-compose.yml" to "docker-compose.yaml"

Log Output:

2024-02-21T20:31:56.702Z INFO Misconfiguration scanning is enabled
2024-02-21T20:31:56.702Z INFO Detected config files: 0

I confirmed that the docker-compose.yml file exists in the project directory and is correctly formatted. The ls command lists the docker-compose.yml among other project files, ensuring it's in the right place for Trivy to access.

The docker-compose.yml includes various services, volumes, and configurations typical for a development environment, with nothing out of the ordinary in terms of syntax or structure.

Has anyone else experienced similar issues with Trivy not detecting or scanning docker-compose.yml files? Are there specific configurations or considerations I might be missing?

Thank you in advance for your help!

Target

Filesystem

Scanner

Misconfiguration

Output Format

JSON

Mode

Standalone

Operating System

ubuntu-latest

Version

Version: 0.49.1
Vulnerability DB:
  Version: 2
  UpdatedAt: 2024-02-21 18:10:09.915629643 +0000 UTC
  NextUpdate: 2024-02-22 00:10:09.915629242 +0000 UTC
  DownloadedAt: 2024-02-21 21:16:21.530718269 +0000 UTC
Java DB:
  Version: 1
  UpdatedAt: 2024-02-21 11:07:56.507504908 +0000 UTC
  NextUpdate: 2024-02-24 11:07:56.507504788 +0000 UTC
  DownloadedAt: 2024-02-21 21:16:54.840259634 +0000 UTC
Policy Bundle:
  Digest: sha256:73a2a1a91c421860d22f08b990a0ca28fee4ca1e1b45e0bdea14357867e31eb6
  DownloadedAt: 2024-02-21 21:17:08.453326829 +0000 UTC
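The feature requested in this issue is native detection of misconfigurations in docker-compose.yml. As an added example (not Trivy's code and not the reporter's), here is a minimal Python checker that runs over a parsed compose document; the rule set and the sample services are assumptions chosen for illustration, not Trivy's policy bundle.

```python
# Added example (not Trivy's code): a minimal checker for common docker-compose.yml
# misconfigurations. It operates on the parsed compose document, i.e. the dict that
# yaml.safe_load(open("docker-compose.yml")) would return. Rule set is illustrative only.
from typing import Dict, List

DOCKER_SOCKET = "/var/run/docker.sock"
DANGEROUS_CAPS = {"ALL", "SYS_ADMIN", "NET_ADMIN", "SYS_PTRACE"}

def _mounts_docker_socket(volumes) -> bool:
    """Return True if any volume entry (short or long syntax) bind-mounts the Docker socket."""
    for v in volumes or []:
        if isinstance(v, str):
            source = v.split(":", 1)[0]          # short syntax: "host:container[:mode]"
        elif isinstance(v, dict):
            source = v.get("source", "")         # long syntax: {type: bind, source: ...}
        else:
            continue
        if source == DOCKER_SOCKET:
            return True
    return False

def check_services(compose: Dict) -> List[str]:
    """Return findings as 'service: message' strings; an empty list means no findings."""
    findings = []
    for name, svc in (compose.get("services") or {}).items():
        svc = svc or {}
        if svc.get("privileged") is True:
            findings.append(f"{name}: runs privileged (privileged: true)")
        if svc.get("network_mode") == "host":
            findings.append(f"{name}: shares the host network namespace")
        caps = {str(c).removeprefix("CAP_").upper() for c in (svc.get("cap_add") or [])}
        for cap in sorted(caps & DANGEROUS_CAPS):
            findings.append(f"{name}: adds capability {cap}")
        if _mounts_docker_socket(svc.get("volumes")):
            findings.append(f"{name}: bind-mounts {DOCKER_SOCKET}")
    return findings

# Constructed sample compose document (the parsed form of a small docker-compose.yml).
SAMPLE_COMPOSE = {"services": {
    "web": {"image": "nginx:1.25", "ports": ["8080:80"]},
    "agent": {"image": "example/agent:1.0", "privileged": True, "network_mode": "host",
              "cap_add": ["SYS_ADMIN"], "volumes": ["/var/run/docker.sock:/var/run/docker.sock"]},
}}

if __name__ == "__main__":
    for finding in check_services(SAMPLE_COMPOSE):
        print("MISCONFIG", finding)
```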

Metadata

Assignees: No one assigned

Labels: kind/feature (Categorizes issue or PR as related to a new feature), scan/misconfiguration (Issues relating to misconfiguration scanning)