Env var alternative for skipping files

[tainn]

Question

Hello.

I am trying to skip certain file types when using the trivy fs scan. It works if I either use the --skip-files CLI param or provide a trivy.yaml file with the following example content:

scan:
  skip-files:
    - "**/*.jar"
    - "**/*.hlp"

However, I am trying to get this working through environment variables. Based on the docs, the TRIVY_SKIP_FILES should work. In what format should the content of it be?

I tried the following, all of which did not work:

**/*.jar,**/*.hlp
"**/*.jar,**/*.hlp"
"**/*.jar","**/*.hlp"
""**/*.jar","**/*.hlp""

Thank you.

Target

Filesystem

Scanner

Vulnerability

Output Format

JSON

Mode

Standalone

Operating System

AlmaLinux 9.4 (Seafoam Ocelot)

Version

aquasec/trivy:0.57.1

[nikpivkin]

Hi @tainn !

The following works for me:

❯ TRIVY_SKIP_FILES="**/*.tf,**/Dockerfile" trivy conf . -d
...
2024-11-29T19:01:57+06:00       DEBUG   Initializing scan cache...      type="memory"
2024-11-29T19:01:57+06:00       DEBUG   Skipping path   path="examples/Dockerfile"
2024-11-29T19:01:57+06:00       DEBUG   Skipping path   path="examples/main.tf"
2024-11-29T19:01:57+06:00       DEBUG   Skipping path   path="main.tf"
2024-11-29T19:01:57+06:00       DEBUG   Skipping path   path="project/main.tf"
2024-11-29T19:01:57+06:00       DEBUG   Skipping path   path="test/main.tf"
2024-11-29T19:01:57+06:00       DEBUG   OS is not detected.
2024-11-29T19:01:57+06:00       INFO    Detected config files   num=0
2024-11-29T19:01:57+06:00       DEBUG   [vex] VEX filtering is disabled

[tainn]

Found out the issue, there was apparently some additional quotation being done and the file names were named with quotes.

Trivy environment variables work as expected.