19015773527

Committed 02 Nov 2025 05:33PM UTC coverage: 17.872% (-62.4%) from 80.3%

Build # 19015773527

Build Type

Pull #22816

github

Committed by

web-flow

Commit Message

Merge a12d75757 into 6c024e162

Pull Request Pull Request #22816: Update Pants internal Python to 3.14

Run Details

4 of 5 new or added lines in 3 files covered. (80.0%)

28452 existing lines in 683 files now uncovered.

9831 of 55007 relevant lines covered (17.87%)

0.18 hits per line

Source File
Press 'n' to go to next uncovered line, 'b' for previous

0.0

/src/python/pants/backend/tools/trivy/subsystem.py

1	# Copyright 2024 Pants project contributors (see CONTRIBUTORS.md).
2	# Licensed under the Apache License, Version 2.0 (see LICENSE).
UNCOV 3	from pants.core.util_rules.config_files import ConfigFilesRequest	×
UNCOV 4	from pants.core.util_rules.external_tool import TemplatedExternalTool	×
UNCOV 5	from pants.engine.target import BoolField	×
UNCOV 6	from pants.option.option_types import (	×
7	ArgsListOption,
8	BoolOption,
9	FileOption,
10	SkipOption,
11	StrListOption,
12	)
UNCOV 13	from pants.util.strutil import softwrap	×
14
15
UNCOV 16	class Trivy(TemplatedExternalTool):	×
UNCOV 17	options_scope = "trivy"	×
UNCOV 18	name = "Trivy"	×
UNCOV 19	help = "Find vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more"	×
20
UNCOV 21	default_version = "0.57.0"	×
UNCOV 22	default_known_versions = [	×
23	"0.57.0\|macos_arm64\|61230c8a56e463e8eba2bf922bc688b7bd40352187e1f725c79861b0801437f0\|39193442",
24	"0.57.0\|macos_x86_64\|e7955b6d38d8125d4aa8936e6af51b0de2b0e0840b4feb90b44002bf7f47bf13\|41286618",
25	"0.57.0\|linux_arm64\|29012fdb5ba18da506d1c8b6f389c2ec9d113db965c254971f35267ebb45dd64\|37315561",
26	"0.57.0\|linux_x86_64\|cf08a8cd861e5192631fc03bb21efde27c1d93e4407ab70bab32e572bafcbf07\|40466119",
27	]
28
UNCOV 29	default_url_template = "https://github.com/aquasecurity/trivy/releases/download/v{version}/trivy_{version}_{platform}.tar.gz"	×
UNCOV 30	default_url_platform_mapping = {	×
31	"macos_arm64": "macOS-ARM64",
32	"macos_x86_64": "macOS-64bit",
33	"linux_arm64": "Linux-ARM64",
34	"linux_x86_64": "Linux-64bit",
35	}
36
UNCOV 37	skip = SkipOption("lint")	×
UNCOV 38	args = ArgsListOption(example="--scanners vuln")	×
39
UNCOV 40	severity = StrListOption(	×
41	default=None,
42	help=softwrap(
43	"""
44	Severities of security issues to be displayed (UNKNOWN,LOW,MEDIUM,HIGH,CRITICAL)
45	"""
46	),
47	)
48
UNCOV 49	extra_env_vars = StrListOption(	×
50	help=softwrap(
51	"""
52	Additional environment variables that would be made available to all Terraform processes.
53	"""
54	),
55	advanced=True,
56	)
57
UNCOV 58	config_discovery = BoolOption(	×
59	default=True,
60	advanced=True,
61	help=lambda cls: softwrap(
62	f"""
63	If true, Pants will include all relevant config files during runs.
64
65	Use `[{cls.options_scope}].config` instead if your config is in a non-standard location
66	"""
67	),
68	)
UNCOV 69	config = FileOption(	×
70	default=None,
71	advanced=True,
72	help=lambda cls: softwrap(
73	"""
74	Path to the Trivy config file.
75
76	Setting this option will disable config discovery for the config file. Use this option if the config is located in a non-standard location.
77	"""
78	),
79	)
80
UNCOV 81	def config_request(self) -> ConfigFilesRequest:	×
82	return ConfigFilesRequest(	×
83	specified=self.config,
84	specified_option_name=f"[{self.options_scope}].config",
85	discovery=self.config_discovery,
86	check_existence=["trivy.yaml"],
87	)
88
UNCOV 89	@property	×
UNCOV 90	def cache_dir(self) -> str:	×
91	return "__trivy_cache"	×
92
UNCOV 93	@property	×
UNCOV 94	def append_only_caches(self) -> dict[str, str]:	×
95	return {"trivy_cache": self.cache_dir}	×
96
97
UNCOV 98	class SkipTrivyField(BoolField):	×
UNCOV 99	alias = "skip_trivy"	×
UNCOV 100	default = False	×
UNCOV 101	help = "If true, don't run Trivy on this target's Terraform files"	×

pantsbuild / pants / 19015773527

Source File Press 'n' to go to next uncovered line, 'b' for previous

Source File
Press 'n' to go to next uncovered line, 'b' for previous