I have a .trivyignore.yaml with the following content (Example content)
misconfigurations:
- id: AVD-DS-0001
- id: AVD-DS-0002
statement: The image needs root privileges
- id: AVD-AWS-0132
statement: Testing removal of customer encruption keys check
- id: AVD-AWS-0031
statement: Testing removal of MUTABLE TAG check
I can see that the trivyignore file is being picked up.
However, I still get failures reported for AVD-AWS-0031 and AVD-AWS-0132. I am guessing this is because it reports the file as --ignorefile ./trivyignores in the action run and not as a yaml file as I expected
If I switch to using either of the below formats it works though as I guess this is more akin to what ./trivyignores format would be. However I would have no idea how to get path working in this situation.
furan917
commented
4 weeks ago
Hey!
(Sorry, noticed this was a duplicate this morning, but here is a PR to suggest a pathway fix)
I seem to be having an issue with this action (using master) where I can see that my ignore file is being picked up, but the configuration is not taking hold if I use the YAML format suggested here: https://aquasecurity.github.io/trivy/v0.50/docs/configuration/filtering/#trivyignoreyaml
I have a .trivyignore.yaml with the following content (Example content)
I can see that the trivyignore file is being picked up.
However, I still get failures reported for AVD-AWS-0031 and AVD-AWS-0132. I am guessing this is because it reports the file as
--ignorefile ./trivyignoresin the action run and not as a yaml file as I expectedIf I switch to using either of the below formats it works though as I guess this is more akin to what ./trivyignores format would be. However I would have no idea how to get path working in this situation.
With heading
without heading
Any help would be appreciated. I am guessing it might be a case of "We don't support yaml files yet" but better to check.