Open rorynickolls-skyral opened 6 months ago
@rorynickolls-skyral Thanks for the suggestion. I've added this to our road map.
@alexhung We ran into the same issue just recently. Are there any news on when this will be fixed?
@yahesh Unfortunately, no update so far. The REST APIs to initiate a scan are designed for specific artifact, build, etc., and does not necessary match the criteria in ignore rules. I haven't been able to come up with a good way to reconcile these differences yet.
Two alternatives:
Hey just adding my personal experiences here. I've ran into this issue but also experienced some other, & from a user perspective slightly bizarre behaviour which I think is related. We have policy to block downloads of all artefacts with critical vulnerabilities.
I've been able to re-produce this pretty consistently
Is your feature request related to a problem? Please describe.
When creating or updating
xray_ignore_rule
Terraform resources, it does not appear to take effect immediately. Policy violations do not start showing as 'Ignored' in the Xray scans list until a scan is triggered manually through the UI.Describe the solution you'd like
Having a manual step after creating rules defeats the purpose of managing them through Terraform - it would be ideal if changes to the Terraform-managed ignore rule took effect immediately without any intervention.
Describe alternatives you've considered
Alternatives are:
Neither of which are great solutions!
Additional context
When creating a rule through the Artifactory UI, it appears to take effect immediately without triggering a scan. It is unclear how it does this, and whether there's an API request that can be made from the provider to make it happen.