From d26a6659d9c184455f4c6473154621a50af4b6e9 Mon Sep 17 00:00:00 2001
From: Pierre Smeyers <pierre.smeyers@gmail.com>
Date: Sun, 15 Sep 2024 19:04:48 +0200
Subject: [PATCH] feat(trivy): enable comprehensive priority

---
 README.md                      | 2 +-
 kicker.json                    | 2 +-
 templates/gitlab-ci-docker.yml | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/README.md b/README.md
index ff40b77..6a8786a 100644
--- a/README.md
+++ b/README.md
@@ -416,7 +416,7 @@ It is bound to the `package-test` stage, and uses the following variables:
 | `trivy-addr` / `DOCKER_TRIVY_ADDR`                                         | The Trivy server address (for client/server mode)                                                                      | _(none: standalone mode)_                                           |
 | `trivy-security-level-threshold` / `DOCKER_TRIVY_SECURITY_LEVEL_THRESHOLD` | Severities of vulnerabilities to be displayed (comma separated values: `UNKNOWN`, `LOW`, `MEDIUM`, `HIGH`, `CRITICAL`) | `UNKNOWN,LOW,MEDIUM,HIGH,CRITICAL`                                  |
 | `trivy-disabled` / `DOCKER_TRIVY_DISABLED`                                 | Set to `true` to disable Trivy analysis                                                                                | _(none)_                                                            |
-| `trivy-args` / `DOCKER_TRIVY_ARGS`                                         | Additional [`trivy client` arguments](https://aquasecurity.github.io/trivy/v0.27.1/docs/references/cli/client/)        | `--ignore-unfixed --vuln-type os --exit-on-eol 1`                                   |
+| `trivy-args` / `DOCKER_TRIVY_ARGS`                                         | Additional [`trivy client` arguments](https://aquasecurity.github.io/trivy/v0.27.1/docs/references/cli/client/)        | `--ignore-unfixed --vuln-type os --exit-on-eol 1 --detection-priority comprehensive`                                   |
 | `trivy-db-repository` / `DOCKER_TRIVY_DB_REPOSITORY`                       | OCI repository to retrieve Trivy Database from                                                                         | _none_ (use Trivy default `ghcr.io/aquasecurity/trivy-db`)          |
 | `trivy-java-db-repository` / `DOCKER_TRIVY_JAVA_DB_REPOSITORY`             | OCI repository to retrieve Trivy Java Database from                                                                    | _none_ (use Trivy default `ghcr.io/aquasecurity/trivy-java-db:1`)\_ |
 
diff --git a/kicker.json b/kicker.json
index 5fa92eb..76e465c 100644
--- a/kicker.json
+++ b/kicker.json
@@ -198,7 +198,7 @@
         {
           "name": "DOCKER_TRIVY_ARGS",
           "description": "Additional `trivy client` arguments",
-          "default": "--ignore-unfixed --vuln-type os --exit-on-eol 1",
+          "default": "--ignore-unfixed --vuln-type os --exit-on-eol 1 --detection-priority comprehensive",
           "advanced": true
         },
         {
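Review bot: The new default `--detection-priority comprehensive` is only recognized by Trivy releases that implement that option; on an older pinned Trivy image the CLI would reject the unknown flag and the scan job would fail, so the minimum Trivy version this default requires should be stated (and the image version used by the template checked) before it ships as the out-of-the-box value. The same default is introduced in templates/gitlab-ci-docker.yml. Per Trivy's own description, comprehensive mode increases detection at the cost of more false positives, which is a behaviour change users of the previous default will notice; the "description" field next to the new default could say that the default favours broader detection and may report more (including false-positive) findings, so that teams seeing new alerts know why.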
diff --git a/templates/gitlab-ci-docker.yml b/templates/gitlab-ci-docker.yml
index eab79e0..012236c 100644
--- a/templates/gitlab-ci-docker.yml
+++ b/templates/gitlab-ci-docker.yml
@@ -172,7 +172,7 @@ spec:
       default: UNKNOWN,LOW,MEDIUM,HIGH,CRITICAL
     trivy-args:
       description: Additional `trivy client` arguments
-      default: --ignore-unfixed --vuln-type os --exit-on-eol 1
+      default: --ignore-unfixed --vuln-type os --exit-on-eol 1 --detection-priority comprehensive
     trivy-db-repository:
       description: Custom OCI repository to retrieve Trivy Database from
       default: ''
-- 
GitLab