[skipci] TMP: debug trivy sbom command

elelaysh · elelaysh · commit 754b5194ce79 · 2026-01-19T20:38:01.000+01:00
diff --git a/tools/scan-images.sh b/tools/scan-images.sh
@@ -116,10 +116,11 @@ generate_sbom() {
   local filename=$2
   local image=$3
   trivy image \
+        --debug \
         --format spdx-json \
         --output image-scan-output/${imagename}/${filename}-sbom.json \
-        $image > /dev/null 2>&1
-  echo "trivy sbom $scan_common_args \
+        $image &> image-scan-output/${imagename}/${filename}-sbom.log
+  echo "trivy sbom $scan_common_args --debug \
         --output image-scan-output/${imagename}/${filename}-scan.json \
         image-scan-output/${imagename}/${filename}-sbom.json"
 }
@@ -139,17 +140,20 @@ scan_image() {
   if $generate_sbom; then
     echo "Generating SBOM for $imagename"
     scan_command=$(generate_sbom $imagename $filename $image)
+    cat image-scan-output/${imagename}/${filename}-sbom.log
+    ls -alh image-scan-output/${imagename}
   else
     scan_command="trivy image $scan_common_args \
                   --output image-scan-output/${imagename}/${filename}-scan.json $image"
   fi
 
   # Run scan against image or SBOM, format output. If no results, delete files.
   echo "Scanning $imagename for vulnerabilities"
-  if $scan_command > /dev/null 2>&1; then
+  if $scan_command >& image-scan-output/${imagename}/${filename}-scan.log; then
     rm -f image-scan-output/${imagename}/${filename}-scan.json
     echo "${image}" >> image-scan-output/clean-images.txt
   else
+    cat image-scan-output/${imagename}/${filename}-scan.log
     generate_summary_csv $imagename $filename
     categorise_image $imagename $filename $image
   fi
