From 78646afe4e1cd8083e4114c9943f6aeeab4c788f Mon Sep 17 00:00:00 2001
From: Colin
Date: Fri, 23 Jan 2026 20:14:13 -0500
Subject: [PATCH] Add debug output to trivy-fs scan
---
 .woodpecker.yml | 21 +++++++++++++++++----
 1 file changed, 17 insertions(+), 4 deletions(-)
diff --git a/.woodpecker.yml b/.woodpecker.yml
index 0b0cffc..76b116b 100644
--- a/.woodpecker.yml
+++ b/.woodpecker.yml
@@ -81,11 +81,24 @@ steps:
 commands:
 - echo "nameserver 1.1.1.1" > /etc/resolv.conf
 - echo "nameserver 1.0.0.1" >> /etc/resolv.conf
- - echo "=== Verifying package-lock.json versions ==="
- - grep -A2 '"node_modules/glob"' package-lock.json | head -5
- - grep -A2 '"node_modules/mime"' package-lock.json | head -5
+ - echo "=== DEBUG: Git commit ==="
+ - git rev-parse HEAD | cat
+ - echo "=== DEBUG: package-lock.json exists? ==="
+ - ls -la package-lock.json
+ - echo "=== DEBUG: package-lock.json hash ==="
+ - sha256sum package-lock.json | cat
+ - echo "=== DEBUG: glob version in lockfile ==="
+ - grep -A3 '"node_modules/glob"' package-lock.json | head -5 || echo "glob not found"
+ - echo "=== DEBUG: mime version in lockfile ==="
+ - grep -A3 '"node_modules/mime"' package-lock.json | head -5 || echo "mime not found"
+ - echo "=== DEBUG: tar version in lockfile ==="
+ - grep -A3 '"node_modules/tar"' package-lock.json | head -5 || echo "tar not found"
+ - echo "=== DEBUG: Check for vulnerable versions ==="
+ - grep -E '10\.4\.5|6\.2\.1|7\.4\.3|1\.2\.7' package-lock.json || echo "No vulnerable versions found"
+ - echo "=== DEBUG: Trivy version ==="
 - trivy --version | cat
- - trivy fs --scanners vuln,misconfig --severity HIGH,CRITICAL --exit-code 0 .
+ - echo "=== Running Trivy scan with debug ==="
+ - trivy fs --debug --scanners vuln,misconfig --severity HIGH,CRITICAL --exit-code 0 .
 - trivy fs --scanners vuln,misconfig --severity HIGH,CRITICAL --exit-code 0 Dockerfile
 when:
 branch: main
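Review bot: The `|| echo "glob not found"` fallbacks on the three `grep -A3 … | head -5` lines will not fire unless the step's shell enables `pipefail`, because the pipeline's status is that of `head`, which succeeds on empty input; dropping the pipe, e.g. `grep -m1 -A3 '"node_modules/glob"' package-lock.json || echo "glob not found"`, makes the message reachable. The check `grep -E '10\.4\.5|6\.2\.1|7\.4\.3|1\.2\.7' package-lock.json` is unanchored and runs over the whole lockfile, so it can hit unrelated packages or longer version strings, and "No vulnerable versions found" only means those four strings were absent; wording the fallback as `echo "none of the listed version strings present"` would keep the log from being read as a scan result. The new `trivy fs --debug` line keeps `--exit-code 0`, so HIGH/CRITICAL findings still do not fail the step; if that is deliberate while debugging, a YAML comment such as `# TODO: restore non-zero exit code and drop --debug once the lockfile mismatch is understood` would make it visible. The step's `commands:` list begins before this hunk, so any shell options set earlier are not visible here.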