18252174847

Committed 05 Oct 2025 01:36AM UTC coverage: 43.382% (-36.9%) from 80.261%

Build # 18252174847

Build Type

push

github

Committed by

web-flow

Commit Message

run tests on mac arm (#22717)

Just doing the minimal to pull forward the x86_64 pattern.

ref #20993

Run Details

25776 of 59416 relevant lines covered (43.38%)

1.3 hits per line

Source File
Press 'n' to go to next uncovered line, 'b' for previous

0.0

/src/python/pants/backend/tools/trivy/subsystem.py

# Copyright 2024 Pants project contributors (see CONTRIBUTORS.md).
# Licensed under the Apache License, Version 2.0 (see LICENSE).
from pants.core.util_rules.config_files import ConfigFilesRequest
from pants.core.util_rules.external_tool import TemplatedExternalTool
from pants.engine.target import BoolField
from pants.option.option_types import (
    ArgsListOption,
    BoolOption,
    FileOption,
    SkipOption,
    StrListOption,
)
from pants.util.strutil import softwrap


class Trivy(TemplatedExternalTool):
    options_scope = "trivy"
    name = "Trivy"
    help = "Find vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more"

    default_version = "0.57.0"
    default_known_versions = [
        "0.57.0|macos_arm64|61230c8a56e463e8eba2bf922bc688b7bd40352187e1f725c79861b0801437f0|39193442",
        "0.57.0|macos_x86_64|e7955b6d38d8125d4aa8936e6af51b0de2b0e0840b4feb90b44002bf7f47bf13|41286618",
        "0.57.0|linux_arm64|29012fdb5ba18da506d1c8b6f389c2ec9d113db965c254971f35267ebb45dd64|37315561",
        "0.57.0|linux_x86_64|cf08a8cd861e5192631fc03bb21efde27c1d93e4407ab70bab32e572bafcbf07|40466119",
    ]

    default_url_template = "https://github.com/aquasecurity/trivy/releases/download/v{version}/trivy_{version}_{platform}.tar.gz"
    default_url_platform_mapping = {
        "macos_arm64": "macOS-ARM64",
        "macos_x86_64": "macOS-64bit",
        "linux_arm64": "Linux-ARM64",
        "linux_x86_64": "Linux-64bit",
    }

    skip = SkipOption("lint")
    args = ArgsListOption(example="--scanners vuln")

    severity = StrListOption(
        default=None,
        help=softwrap(
            """
            Severities of security issues to be displayed (UNKNOWN,LOW,MEDIUM,HIGH,CRITICAL)
            """
        ),
    )

    extra_env_vars = StrListOption(
        help=softwrap(
            """
            Additional environment variables that would be made available to all Terraform processes.
            """
        ),
        advanced=True,
    )

    config_discovery = BoolOption(
        default=True,
        advanced=True,
        help=lambda cls: softwrap(
            f"""
            If true, Pants will include all relevant config files during runs.

            Use `[{cls.options_scope}].config` instead if your config is in a non-standard location
            """
        ),
    )
    config = FileOption(
        default=None,
        advanced=True,
        help=lambda cls: softwrap(
            """
            Path to the Trivy config file.

            Setting this option will disable config discovery for the config file. Use this option if the config is located in a non-standard location.
            """
        ),
    )

    def config_request(self) -> ConfigFilesRequest:
        return ConfigFilesRequest(
            specified=self.config,
            specified_option_name=f"[{self.options_scope}].config",
            discovery=self.config_discovery,
            check_existence=["trivy.yaml"],
        )

    @property
    def cache_dir(self) -> str:
        return "__trivy_cache"

    @property
    def append_only_caches(self) -> dict[str, str]:
        return {"trivy_cache": self.cache_dir}


class SkipTrivyField(BoolField):
    alias = "skip_trivy"
    default = False
    help = "If true, don't run Trivy on this target's Terraform files"

1	# Copyright 2024 Pants project contributors (see CONTRIBUTORS.md).
2	# Licensed under the Apache License, Version 2.0 (see LICENSE).
3	from pants.core.util_rules.config_files import ConfigFilesRequest	×
4	from pants.core.util_rules.external_tool import TemplatedExternalTool	×
5	from pants.engine.target import BoolField	×
6	from pants.option.option_types import (	×
7	ArgsListOption,
8	BoolOption,
9	FileOption,
10	SkipOption,
11	StrListOption,
12	)
13	from pants.util.strutil import softwrap	×
14
15
16	class Trivy(TemplatedExternalTool):	×
17	options_scope = "trivy"	×
18	name = "Trivy"	×
19	help = "Find vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more"	×
20
21	default_version = "0.57.0"	×
22	default_known_versions = [	×
23	"0.57.0\|macos_arm64\|61230c8a56e463e8eba2bf922bc688b7bd40352187e1f725c79861b0801437f0\|39193442",
24	"0.57.0\|macos_x86_64\|e7955b6d38d8125d4aa8936e6af51b0de2b0e0840b4feb90b44002bf7f47bf13\|41286618",
25	"0.57.0\|linux_arm64\|29012fdb5ba18da506d1c8b6f389c2ec9d113db965c254971f35267ebb45dd64\|37315561",
26	"0.57.0\|linux_x86_64\|cf08a8cd861e5192631fc03bb21efde27c1d93e4407ab70bab32e572bafcbf07\|40466119",
27	]
28
29	default_url_template = "https://github.com/aquasecurity/trivy/releases/download/v{version}/trivy_{version}_{platform}.tar.gz"	×
30	default_url_platform_mapping = {	×
31	"macos_arm64": "macOS-ARM64",
32	"macos_x86_64": "macOS-64bit",
33	"linux_arm64": "Linux-ARM64",
34	"linux_x86_64": "Linux-64bit",
35	}
36
37	skip = SkipOption("lint")	×
38	args = ArgsListOption(example="--scanners vuln")	×
39
40	severity = StrListOption(	×
41	default=None,
42	help=softwrap(
43	"""
44	Severities of security issues to be displayed (UNKNOWN,LOW,MEDIUM,HIGH,CRITICAL)
45	"""
46	),
47	)
48
49	extra_env_vars = StrListOption(	×
50	help=softwrap(
51	"""
52	Additional environment variables that would be made available to all Terraform processes.
53	"""
54	),
55	advanced=True,
56	)
57
58	config_discovery = BoolOption(	×
59	default=True,
60	advanced=True,
61	help=lambda cls: softwrap(
62	f"""
63	If true, Pants will include all relevant config files during runs.
64
65	Use `[{cls.options_scope}].config` instead if your config is in a non-standard location
66	"""
67	),
68	)
69	config = FileOption(	×
70	default=None,
71	advanced=True,
72	help=lambda cls: softwrap(
73	"""
74	Path to the Trivy config file.
75
76	Setting this option will disable config discovery for the config file. Use this option if the config is located in a non-standard location.
77	"""
78	),
79	)
80
81	def config_request(self) -> ConfigFilesRequest:	×
82	return ConfigFilesRequest(	×
83	specified=self.config,
84	specified_option_name=f"[{self.options_scope}].config",
85	discovery=self.config_discovery,
86	check_existence=["trivy.yaml"],
87	)
88
89	@property	×
90	def cache_dir(self) -> str:	×
91	return "__trivy_cache"	×
92
93	@property	×
94	def append_only_caches(self) -> dict[str, str]:	×
95	return {"trivy_cache": self.cache_dir}	×
96
97
98	class SkipTrivyField(BoolField):	×
99	alias = "skip_trivy"	×
100	default = False	×
101	help = "If true, don't run Trivy on this target's Terraform files"	×

pantsbuild / pants / 18252174847

Source File Press 'n' to go to next uncovered line, 'b' for previous

Source File
Press 'n' to go to next uncovered line, 'b' for previous