Nixius
/
hastebin
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Add debug output to trivy-fs scan

This commit is contained in:
Colin 2026-01-23 20:14:13 -05:00
parent 5e6fbcad3d
commit 78646afe4e
Signed by: colin
SSH Key Fingerprint: SHA256:nRPCQTeMFLdGytxRQmPVK9VXY3/ePKQ5lGRyJhT5DY8
1 changed files with 17 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

21
.woodpecker.yml
View File

@ -81,11 +81,24 @@ steps:
commands:
- echo "nameserver 1.1.1.1" > /etc/resolv.conf
- echo "nameserver 1.0.0.1" >> /etc/resolv.conf
- echo "=== Verifying package-lock.json versions ==="
- grep -A2 '"node_modules/glob"' package-lock.json | head -5
- grep -A2 '"node_modules/mime"' package-lock.json | head -5
- echo "=== DEBUG: Git commit ==="
- git rev-parse HEAD | cat
- echo "=== DEBUG: package-lock.json exists? ==="
- ls -la package-lock.json
- echo "=== DEBUG: package-lock.json hash ==="
- sha256sum package-lock.json | cat
- echo "=== DEBUG: glob version in lockfile ==="
- grep -A3 '"node_modules/glob"' package-lock.json | head -5 || echo "glob not found"
- echo "=== DEBUG: mime version in lockfile ==="
- grep -A3 '"node_modules/mime"' package-lock.json | head -5 || echo "mime not found"
- echo "=== DEBUG: tar version in lockfile ==="
- grep -A3 '"node_modules/tar"' package-lock.json | head -5 || echo "tar not found"
- echo "=== DEBUG: Check for vulnerable versions ==="
- grep -E '10\.4\.5|6\.2\.1|7\.4\.3|1\.2\.7' package-lock.json || echo "No vulnerable versions found"
- echo "=== DEBUG: Trivy version ==="
- trivy --version | cat
- trivy fs --scanners vuln,misconfig --severity HIGH,CRITICAL --exit-code 0 .
- echo "=== Running Trivy scan with debug ==="
- trivy fs --debug --scanners vuln,misconfig --severity HIGH,CRITICAL --exit-code 0 .
- trivy fs --scanners vuln,misconfig --severity HIGH,CRITICAL --exit-code 0 Dockerfile
when:
branch: main