trivy-action: Uploading sarif files: instance.runs[0].tool.driver.rules contains duplicate item

Hi guys,

Hope you are all well !

I tried trivy action and I have the following error:

Uploading sarif files: ["trivy-results.sarif"]
Error details: instance.runs[0].tool.driver.rules contains duplicate item
Screenshot 2020-12-14 at 15 33 21

Is there a parameter to set in trivy to avoid duplicates ?

Here is my workflow file: https://github.com/lucmichalski/prestashop-docker/blob/trivy/.github/workflows/security.yml

Cheers, Luc Michalski

About this issue

  • Original URL
  • State: closed
  • Created 4 years ago
  • Comments: 25 (16 by maintainers)

Most upvoted comments

@jsjoeio Thanks for your confirmation! We’re sorry for the inconvenience 🙏

@rahul2393 could you look into this?

I’m experiencing the same 🐛 on some images Thanks for the PR @rahul2393

@lucmichalski please feel free to reopen this if your issue still persists.

Sorry I did typo in previous message, we are going to push a new version then you can use it, I will inform you.

@jsjoeio I just ran the latest fix here in my forked version of your repo https://github.com/rahul2393/code-server/runs/2573437202?check_suite_focus=true, it passed, so we will not do a new release and you can then use it

Checking

@jsjoeio Update your workflow to use latest commit in master branch I see you are using previous commitID here https://github.com/cdr/code-server/blob/main/.github/workflows/ci.yaml#L450, the issue should be fixed.

Thanks for the quick response! That’s what I thought but for some reason, I’m still seeing this error:

https://github.com/cdr/code-server/pull/3296/checks?check_run_id=2512446010#step:5:158

Any ideas on what we might be doing wrong?

Additional context: our ci.yaml pointing at the trivy jobs

Thanks. We’ll investigate and get back to you.

Thanks for the quick response! That’s what I thought but for some reason, I’m still seeing this error:

https://github.com/cdr/code-server/pull/3296/checks?check_run_id=2512446010#step:5:158

Any ideas on what we might be doing wrong?

Additional context: our ci.yaml pointing at the trivy jobs

Is this fix in the latest release of TrivyAction?

Trivy Action uses the latest released version of Trivy https://github.com/aquasecurity/trivy-action/blob/master/Dockerfile#L1

Trivy recently had a new release which includes this fix so by the virtue of that the new Trivy Action will also have it.

Is this fix in the latest release of TrivyAction?