Bug 55102

Summary: "Error occurred while parsing" for 'specify_ami_owners'
Product: Branch p11
Reporter: Vladislav Glinkin <glinkinvd>
Component: trivy
Assignee: gamzin <gamzin>
Status: NEW ---
QA Contact: qa-p11 <qa-p11>
Severity: normal
Priority: P5
Version: unspecified
Hardware: x86_64
OS: Linux

Description Vladislav Glinkin 2025-07-09 11:51:16 MSK
trivy < 0.61.0 is affected by a problem when scanning configuration files.
https://github.com/aquasecurity/trivy/discussions/8625
https://github.com/aquasecurity/trivy/issues/8632

Package version: trivy-0.60.0-alt1

Steps to reproduce:
1) $ git clone https://github.com/knqyf263/trivy-ci-test --depth 1
2) $ trivy clean --all
3) $ trivy config ./trivy-ci-test

Actual result:
...
2025-07-09T11:40:16+03:00       ERROR   [rego] Error occurred while parsing. Trying to fallback to embedded check       file_path="home/test/.cache/trivy/policy/content/policies/cloud/policies/aws/ec2/specify_ami_owners.rego" err="home/test/.cache/trivy/policy/content/policies/cloud/policies/aws/ec2/specify_ami_owners.rego:30: rego_type_error: undefined ref: input.aws.ec2.requestedamis[__local622__]\n\tinput.aws.ec2.requestedamis[__local622__]\n\t              ^\n\t              have: \"requestedamis\"\n\t              want (one of): [\"instances\" \"launchconfigurations\" \"launchtemplates\" \"networkacls\" \"securitygroups\" \"subnets\" \"volumes\" \"vpcs\"]"
2025-07-09T11:40:16+03:00       ERROR   [rego] Failed to find embedded check, skipping  file_path="home/test/.cache/trivy/policy/content/policies/cloud/policies/aws/ec2/specify_ami_owners.rego"
2025-07-09T11:40:16+03:00       ERROR   [rego] Error occurred while parsing     file_path="home/test/.cache/trivy/policy/content/policies/cloud/policies/aws/ec2/specify_ami_owners.rego" err="home/test/.cache/trivy/policy/content/policies/cloud/policies/aws/ec2/specify_ami_owners.rego:30: rego_type_error: undefined ref: input.aws.ec2.requestedamis[__local622__]\n\tinput.aws.ec2.requestedamis[__local622__]\n\t              ^\n\t              have: \"requestedamis\"\n\t              want (one of): [\"instances\" \"launchconfigurations\" \"launchtemplates\" \"networkacls\" \"securitygroups\" \"subnets\" \"volumes\" \"vpcs\"]"
...
At the same time, judging by the result, the scan is still performed.

Expected result:
No errors when scanning configuration files.

Additional information:
Not reproducible in sisyphus (trivy-0.61.0-alt1).
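
Added example, not part of the original report and not trivy's own code: a Python check that reads log output in the format shown above and lists the checks that failed to parse and had no embedded fallback, so were skipped even though the scan completed. The sample log is constructed (abbreviated from the output in the report, plus one invented second check), and the function name `skipped_checks` is hypothetical.

```python
import re
import sys

# key="value" pairs; values may hold backslash-escaped quotes (as in err="...")
FIELD = re.compile(r'(\w+)="((?:[^"\\]|\\.)*)"')
# <timestamp> <LEVEL> [rego] <message and fields>
LINE = re.compile(r'^\S+\s+(\w+)\s+\[rego\]\s+(.*)$')

PARSE_FAIL = "Error occurred while parsing"
NO_FALLBACK = "Failed to find embedded check, skipping"

# Constructed sample, abbreviated from the log in the report. The second
# check (other.rego) is invented: it fails to parse but is never reported
# as skipped, so it must not appear in the result.
SAMPLE_LOG = r"""
2025-07-09T11:40:16+03:00  ERROR  [rego] Error occurred while parsing. Trying to fallback to embedded check  file_path="policies/aws/ec2/specify_ami_owners.rego" err="policies/aws/ec2/specify_ami_owners.rego:30: rego_type_error: undefined ref: input.aws.ec2.requestedamis[__local622__]\n\t have: \"requestedamis\""
2025-07-09T11:40:16+03:00  ERROR  [rego] Failed to find embedded check, skipping  file_path="policies/aws/ec2/specify_ami_owners.rego"
2025-07-09T11:40:16+03:00  ERROR  [rego] Error occurred while parsing. Trying to fallback to embedded check  file_path="policies/example/other.rego" err="constructed: parse error"
"""

def skipped_checks(log_text):
    """Map each skipped check's file_path to the first line of its parse error."""
    errors, skipped = {}, []
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m or m.group(1) != "ERROR":
            continue
        msg = m.group(2)
        fields = dict(FIELD.findall(msg))
        path = fields.get("file_path")
        if path is None:
            continue
        if msg.startswith(PARSE_FAIL):
            # err keeps newlines as the two characters backslash + n
            errors[path] = fields.get("err", "").split("\\n")[0]
        elif msg.startswith(NO_FALLBACK) and path not in skipped:
            skipped.append(path)
    return {p: errors.get(p, "") for p in skipped}

if __name__ == "__main__":
    # Read a real log from stdin when piped, otherwise use the sample.
    text = SAMPLE_LOG if sys.stdin.isatty() else sys.stdin.read()
    result = skipped_checks(text)
    for path, err in result.items():
        print(f"SKIPPED {path}: {err}")
    sys.exit(1 if result else 0)  # non-zero exit marks a coverage gap
```
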