trivy-action: Uploading sarif files: instance.runs[0].tool.driver.rules contains duplicate item
Hi guys,
Hope you are all well !
I tried trivy action and I have the following error:
Uploading sarif files: ["trivy-results.sarif"]
Error details: instance.runs[0].tool.driver.rules contains duplicate item
Is there a parameter to set in trivy to avoid duplicates ?
Here is my workflow file: https://github.com/lucmichalski/prestashop-docker/blob/trivy/.github/workflows/security.yml
Cheers, Luc Michalski
About this issue
- Original URL
- State: closed
- Created 4 years ago
- Comments: 25 (16 by maintainers)
@jsjoeio Thanks for your confirmation! We’re sorry for the inconvenience 🙏
@rahul2393 could you look into this?
I’m experiencing the same 🐛 on some images Thanks for the PR @rahul2393
@simar7 please help check this https://github.com/aquasecurity/trivy/pull/984
@lucmichalski please feel free to reopen this if your issue still persists.
@jsjoeio can you check this one now? https://github.com/aquasecurity/trivy-action/releases/tag/0.0.17
Sorry I did typo in previous message, we are going to push a new version then you can use it, I will inform you.
@jsjoeio I just ran the latest fix here in my forked version of your repo https://github.com/rahul2393/code-server/runs/2573437202?check_suite_focus=true, it passed, so we will not do a new release and you can then use it
Checking
@jsjoeio Update your workflow to use latest commit in master branch I see you are using previous commitID here https://github.com/cdr/code-server/blob/main/.github/workflows/ci.yaml#L450, the issue should be fixed.
Thanks. We’ll investigate and get back to you.
Thanks for the quick response! That’s what I thought but for some reason, I’m still seeing this error:
https://github.com/cdr/code-server/pull/3296/checks?check_run_id=2512446010#step:5:158
Any ideas on what we might be doing wrong?
Additional context: our
ci.yaml
pointing at the trivy jobsTrivy Action uses the latest released version of Trivy https://github.com/aquasecurity/trivy-action/blob/master/Dockerfile#L1
Trivy recently had a new release which includes this fix so by the virtue of that the new Trivy Action will also have it.
Is this fix in the latest release of TrivyAction?