# Selecting files for scanning

When scanning a target (image, code repository, etc.), Trivy traverses all directories and files in that target and looks for known files to scan. For example, the vulnerability scanner might look for `/lib/apk/db/installed` for Alpine APK scanning or a `requirements.txt` file for Python pip scanning, and the misconfiguration scanner might look for `Dockerfile` for Dockerfile scanning. This document explains how to control which files Trivy looks for (including skipping files) and how it should process them.

!!! note
    Selecting/skipping files is different from filtering/ignoring results, which is covered in the [Filtering document](./filtering.md).

## Skip Files and Directories
You can skip specific files and directories using the `--skip-files` and `--skip-dirs` flags.

For example:

```bash
trivy image --skip-files "/Gemfile.lock" --skip-dirs "/var/lib/gems/2.5.0/gems/http_parser.rb-0.6.0" quay.io/fluentd_elasticsearch/fluentd:v2.9.0
```
This feature is relevant for the following scanners:

| Scanner          | Supported |
|:----------------:|:---------:|
| Vulnerability    | ✓         |
| Misconfiguration | ✓         |
| Secret           | ✓         |
| License          | ✓         |

It's possible to specify glob patterns when referring to a file or directory. The glob expression follows the ["doublestar" library syntax](https://pkg.go.dev/github.com/bmatcuk/doublestar/v4@v4.8.1#readme-patterns).

Examples:

```bash
# skip any file named `bar` in the subdirectories of testdata
trivy image --skip-files "./testdata/*/bar" .
```

```bash
# skip any files with the extension `.tf` in subdirectories of foo at any depth
trivy config --skip-files "./foo/**/*.tf" .
```

```bash
# skip all subdirectories of the testdata directory.
trivy image --skip-dirs "./testdata/*" .
```

```bash
# skip subdirectories at any depth named `.terraform/`.
# this will match `./foo/.terraform` or `./foo/bar/.terraform`, but not `./.terraform`
trivy config --skip-dirs "**/.terraform" .
```
Like any other flag, these are available in the Trivy YAML configuration.

For example:

```yaml
scan:
  skip-files:
    - foo
    - "testdata/*/bar"
  skip-dirs:
    - foo/bar/
    - "**/.terraform"
```
## Customizing file handling

You can customize which files Trivy scans and how it interprets them with the `--file-patterns` flag.
A file pattern configuration takes the following form: `<analyzer>:<path>`, such that files matching the `<path>` will be processed with the respective `<analyzer>`.

!!! note
    The `--file-patterns` flag doesn't disable Trivy's default file detection behavior. It only adds file detection based on the specified patterns.

For example:

```bash
trivy fs --file-patterns "pip:.requirements-test.txt" .
```
2025-05-28 15:09:48 +03:00
This feature is relevant for the following scanners:
2023-05-03 10:23:21 +01:00
| Scanner | Supported |
|:----------------:|:---------:|
| Vulnerability | ✓ |
| Misconfiguration | ✓ |
| Secret | |
2023-11-06 10:55:08 +06:00
| License | ✓[^1] |
2023-05-03 10:23:21 +01:00
2025-05-28 15:09:48 +03:00
The list of analyzers can be found [here ](https://github.com/aquasecurity/trivy/tree/{{ git.commit }}/pkg/fanal/analyzer/const.go ).
Note that this flag is not applicable for parsers that accepts files of different extensions, for example the Terraform file parser which handles .tf and .tf.json files.
2023-05-03 10:23:21 +01:00
2025-05-28 15:09:48 +03:00
The file path can use a [regular expression ](https://pkg.go.dev/regexp/syntax ). For example:
2023-05-03 10:23:21 +01:00
2025-05-28 15:09:48 +03:00
```bash
# interpret any file with .txt extension as a python pip requirements file
2025-12-22 14:55:26 +06:00
trivy fs --file-patterns "pip:requirements-.*\.txt" .
2023-05-03 10:23:21 +01:00
```
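How the two `<path>` expressions used on this page behave as Go regular expressions, next to escaped and anchored variants. This is an added example, not Trivy's own code: `selectPaths`, the sample paths and the anchored patterns are constructed for illustration, and it assumes the expression is searched anywhere in the file path rather than matched against the whole path.

```go
package main

import (
	"fmt"
	"regexp"
)

// samplePaths is constructed input, not output from a real scan.
var samplePaths = []string{
	".requirements-test.txt",
	"app/.requirements-test.txt",
	"app/requirements-test.txt",
	"app/requirements-dev.txt",
	"docs/old-requirements-notes.txt.bak",
	"app/.requirements-testXtxt",
}

// selectPaths returns the paths that the <path> half of an
// "<analyzer>:<path>" value would hand to the analyzer.
// Assumption: the expression is searched anywhere in the path (unanchored).
func selectPaths(pattern string, paths []string) []string {
	re := regexp.MustCompile(pattern)
	var out []string
	for _, p := range paths {
		if re.MatchString(p) {
			out = append(out, p)
		}
	}
	return out
}

func main() {
	// On a command line, single-quote these values so the shell
	// leaves `$`, `|` and `\` untouched.
	patterns := []string{
		`requirements-.*\.txt`,           // from the page: also hits backups and prefixed names
		`(^|/)requirements-[^/]*\.txt$`,  // added: whole file name only
		`.requirements-test.txt`,         // from the page: every "." matches any character
		`(^|/)\.requirements-test\.txt$`, // added: literal dots, whole file name only
	}
	for _, pat := range patterns {
		fmt.Printf("%-32s -> %q\n", pat, selectPaths(pat, samplePaths))
	}
}
```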
The flag can be repeated to specify multiple file patterns. For example:

```bash
# look for Dockerfile called production.docker and a python pip requirements file called requirements-test.txt
trivy fs --scanners misconfig,vuln --file-patterns "dockerfile:.production.docker" --file-patterns "pip:.requirements-test.txt" .
```

[^1]: Only works with the [license-full](../scanner/license.md) flag

## Avoid full filesystem traversal
In specific scenarios Trivy can avoid traversing the entire filesystem, which makes scanning faster and more efficient.
For more information see [here](../target/rootfs.md#performance-optimization).