21552830208

Committed 31 Jan 2026 11:40PM UTC coverage: 80.277% (-0.05%) from 80.324%

Build # 21552830208

Build Type

Pull #23062

github

Committed by

web-flow

Commit Message

Merge 808a9786c into 2c4dcf9cf

Pull Request Pull Request #23062: Remove support for Get

Run Details

18 of 25 new or added lines in 4 files covered. (72.0%)

17119 existing lines in 541 files now uncovered.

78278 of 97510 relevant lines covered (80.28%)

3.36 hits per line

Source File
Press 'n' to go to next uncovered line, 'b' for previous

90.32

/src/python/pants/backend/tools/trivy/subsystem.py

1	# Copyright 2024 Pants project contributors (see CONTRIBUTORS.md).
2	# Licensed under the Apache License, Version 2.0 (see LICENSE).
UNCOV 3	from pants.core.util_rules.config_files import ConfigFilesRequest	3✔
UNCOV 4	from pants.core.util_rules.external_tool import TemplatedExternalTool	3✔
UNCOV 5	from pants.engine.target import BoolField	3✔
UNCOV 6	from pants.option.option_types import (	3✔
7	ArgsListOption,
8	BoolOption,
9	FileOption,
10	SkipOption,
11	StrListOption,
12	)
UNCOV 13	from pants.util.strutil import softwrap	3✔
14
15
UNCOV 16	class Trivy(TemplatedExternalTool):	3✔
UNCOV 17	options_scope = "trivy"	3✔
UNCOV 18	name = "Trivy"	3✔
UNCOV 19	help = "Find vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more"	3✔
20
UNCOV 21	default_version = "0.57.0"	3✔
UNCOV 22	default_known_versions = [	3✔
23	"0.57.0\|macos_arm64\|61230c8a56e463e8eba2bf922bc688b7bd40352187e1f725c79861b0801437f0\|39193442",
24	"0.57.0\|macos_x86_64\|e7955b6d38d8125d4aa8936e6af51b0de2b0e0840b4feb90b44002bf7f47bf13\|41286618",
25	"0.57.0\|linux_arm64\|29012fdb5ba18da506d1c8b6f389c2ec9d113db965c254971f35267ebb45dd64\|37315561",
26	"0.57.0\|linux_x86_64\|cf08a8cd861e5192631fc03bb21efde27c1d93e4407ab70bab32e572bafcbf07\|40466119",
27	]
28
UNCOV 29	default_url_template = "https://github.com/aquasecurity/trivy/releases/download/v{version}/trivy_{version}_{platform}.tar.gz"	3✔
UNCOV 30	default_url_platform_mapping = {	3✔
31	"macos_arm64": "macOS-ARM64",
32	"macos_x86_64": "macOS-64bit",
33	"linux_arm64": "Linux-ARM64",
34	"linux_x86_64": "Linux-64bit",
35	}
36
UNCOV 37	skip = SkipOption("lint")	3✔
UNCOV 38	args = ArgsListOption(example="--scanners vuln")	3✔
39
UNCOV 40	severity = StrListOption(	3✔
41	default=None,
42	help=softwrap(
43	"""
44	Severities of security issues to be displayed (UNKNOWN,LOW,MEDIUM,HIGH,CRITICAL)
45	"""
46	),
47	)
48
UNCOV 49	extra_env_vars = StrListOption(	3✔
50	help=softwrap(
51	"""
52	Additional environment variables that would be made available to all Terraform processes.
53	"""
54	),
55	advanced=True,
56	)
57
UNCOV 58	config_discovery = BoolOption(	3✔
59	default=True,
60	advanced=True,
61	help=lambda cls: softwrap(
62	f"""
63	If true, Pants will include all relevant config files during runs.
64
65	Use `[{cls.options_scope}].config` instead if your config is in a non-standard location
66	"""
67	),
68	)
UNCOV 69	config = FileOption(	3✔
70	default=None,
71	advanced=True,
72	help=lambda cls: softwrap(
73	"""
74	Path to the Trivy config file.
75
76	Setting this option will disable config discovery for the config file. Use this option if the config is located in a non-standard location.
77	"""
78	),
79	)
80
UNCOV 81	def config_request(self) -> ConfigFilesRequest:	3✔
82	return ConfigFilesRequest(	×
83	specified=self.config,
84	specified_option_name=f"[{self.options_scope}].config",
85	discovery=self.config_discovery,
86	check_existence=["trivy.yaml"],
87	)
88
UNCOV 89	@property	3✔
UNCOV 90	def cache_dir(self) -> str:	3✔
91	return "__trivy_cache"	×
92
UNCOV 93	@property	3✔
UNCOV 94	def append_only_caches(self) -> dict[str, str]:	3✔
95	return {"trivy_cache": self.cache_dir}	×
96
97
UNCOV 98	class SkipTrivyField(BoolField):	3✔
UNCOV 99	alias = "skip_trivy"	3✔
UNCOV 100	default = False	3✔
UNCOV 101	help = "If true, don't run Trivy on this target's Terraform files"	3✔

pantsbuild / pants / 21552830208

Source File Press 'n' to go to next uncovered line, 'b' for previous

Source File
Press 'n' to go to next uncovered line, 'b' for previous