From 82ec0dd604dba823f8d78b0ae2655450d8fe3a55 Mon Sep 17 00:00:00 2001
From: Herman Wika Horn
Date: Wed, 31 May 2023 22:47:20 +0200
Subject: [PATCH] Include args when using trivy config file (#231)
Previously, arguments provided using regular flags were ignored if a trivy config file was provided Note that this pull request makes no effort to deduce or merge desired argument if the same configuration with different values are provided both within the config file and as flags. Behaviour for this case would develop on the implementation of trivy
---
 entrypoint.sh | 2 +-
 test/data/trivy-reduced.yaml | 3 +++
 test/test.bats | 8 ++++++++
 3 files changed, 12 insertions(+), 1 deletion(-)
 create mode 100644 test/data/trivy-reduced.yaml
diff --git a/entrypoint.sh b/entrypoint.sh
index fc528a2..d08cde3 100755
--- a/entrypoint.sh
+++ b/entrypoint.sh
@@ -177,7 +177,7 @@ if [ "${format}" == "sarif" ] && [ "${limitSeveritiesForSARIF}" != "true" ]; the
 trivy --quiet ${scanType} --format sarif --output ${output} $SARIF_ARGS ${artifactRef}
 elif [ $trivyConfig ]; then
 echo "Running Trivy with trivy.yaml config from: " $trivyConfig
- trivy --config $trivyConfig ${scanType} ${artifactRef}
+ trivy --config $trivyConfig ${ARGS} ${scanType} ${artifactRef}
 returnCode=$?
 else
 echo "Running trivy with options: trivy ${scanType} ${ARGS}" "${artifactRef}"
diff --git a/test/data/trivy-reduced.yaml b/test/data/trivy-reduced.yaml
new file mode 100644
index 0000000..1b7da61
--- /dev/null
+++ b/test/data/trivy-reduced.yaml
@@ -0,0 +1,3 @@
+vulnerability:
+ type: os
+output: yamlconfig.test
\ No newline at end of file
diff --git a/test/test.bats b/test/test.bats
index 13a69ce..5c87409 100644
--- a/test/test.bats
+++ b/test/test.bats
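Review bot: In entrypoint.sh's `elif [ $trivyConfig ]` branch the scan now runs with settings merged from trivy.yaml and `${ARGS}`, but the `echo` before the call still logs only the config path, so the job log no longer shows which options were in effect for the scan. I would log both, e.g. `echo "Running Trivy with trivy.yaml config from: ${trivyConfig} and options: ${ARGS}"`. `ARGS` is built outside this hunk; if it also carries values the caller did not set explicitly, they would presumably win over the same keys in the file, which is worth confirming for any setting that decides whether a finding is reported or fails the job. On the changed line, `$trivyConfig` and `${artifactRef}` are expanded unquoted, so a path or reference containing whitespace or glob characters is split into extra arguments; `--config "${trivyConfig}"` and `"${artifactRef}"` avoid that, while `${ARGS}` has to stay unquoted as long as it is a flag string. The enclosing if/elif chain starts and ends outside the hunk.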
@@ -81,3 +81,11 @@ bats_load_library bats-file
 echo "$output"
 assert_files_equal yamlconfig.test ./test/data/yamlconfig.test
 }
+
+@test "trivy image with trivy.yaml config and args" {
+ # trivy --config=./test/data/trivy-reduced.yaml image alpine:3.10
+ run ./entrypoint.sh "-v ./test/data/trivy-reduced.yaml" "-a image" "-i alpine:3.10" "-b json" "-g CRITICAL"
+ run diff yamlconfig.test ./test/data/yamlconfig.test
+ echo "$output"
+ assert_files_equal yamlconfig.test ./test/data/yamlconfig.test
+}
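Review bot: The new test never checks how `./entrypoint.sh` exited: the next line, `run diff yamlconfig.test ./test/data/yamlconfig.test`, overwrites `$status` and `$output`, and its own result is not asserted either, so `assert_files_equal` is the only check. If a zero exit is expected here, I would assert it right after the first `run` with `[ "$status" -eq 0 ]`, and drop the `run diff` line unless its output is wanted for debugging. The comment above the `run` also omits the `-b json` and `-g CRITICAL` options the test passes, so it no longer describes the command under test; something like `# trivy.yaml (reduced) plus action options -b json and -g CRITICAL, image alpine:3.10` would match.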