I am using Trivy for vulnerability scanning in the GitLab CI/CD pipeline.
When I run $ trivy fs --exit-code 0 --severity UNKNOWN,LOW,MEDIUM,HIGH,CRITICAL --scanners vuln,config ./. --timeout $TRIVY_TIMEOUT
I get the following error:
FATAL filesystem scan error: scan error: scan failed: failed analysis: failed to call hooks: post handler error: misconfiguration scan error: scan config error: 4 errors occurred:
policies/cloud/policies/aws/rds/disable_cluster_skip_final_snapshot.rego:26: rego_type_error: undefined ref: cluster.skipfinalsnapshot.value
cluster.skipfinalsnapshot.value
^
have: "skipfinalsnapshot"
want (one of): ["backupretentionperioddays" "encryption" "engine" "instances" "performanceinsights" "publicaccess" "replicationsourcearn"]
So could someone help me fix this issue?
It seems to be a bug in Trivy, so I have reported it here: https://github.com/aquasecurity/defsec/issues/1466