feat(misconf): Add minimum supported version #8637
Labels
kind/feature
Categorizes issue or PR as related to a new feature.
scan/misconfiguration
Issues relating to misconfiguration scanning
Milestone
Description
Today trivy supports the ability to load any check, regardless of whether or not it has the ability to actually run it. This is the case for those checks where the support for a new service or provider is added.
This leads to situations where an older version of Trivy can download a new check for which it may not have the support for. In such a case today we don't evaluate the check and end up skipping it.
Solution
A more optimized approach in such a case would be to add a metadata annotation to the check itself, which could specify the "minimum trivy version" needed to run that particular check. This would then be used by the Trivy CLI to determine if it makes sense for it to load that particular check or not.
Example
An example of this could look like the following (details omitted for brevity):
In this case a trivy version semantically higher than v0.60 would be able to load this check. As we only introduce new features in a minor release (not a patch), we can omit checking/specifying for the patch release version.
The text was updated successfully, but these errors were encountered: