jfrog / terraform-provider-xray

Terraform provider to manage JFrog Xray
https://jfrog.com/xray/
Apache License 2.0

Add support for Xray Ignore Rules #67

Closed spuder closed 2 years ago

spuder commented 2 years ago

Xray does container scanning, and supports Ignore rules for allowing exceptions.

We have many containers that are reporting critical vulnerabilities that are not actually critical due to other compensating controls we have in place.

We want the ability to programmatically define ignore rules using Terraform as infrastructure as code.

Documentation
Rest API Documentation

POST /api/v1/ignore_rules
"vulnerabilities"/"licenses"/"cves"/"policies"/"watches"/"docker-layers" - []string

chb0github commented 2 years ago

Please offer up some potential HCL you'd like to see

spuder commented 2 years ago

proposal 1

https://www.jfrog.com/confluence/display/JFROG/Ignore+Rules#IgnoreRules-IgnoringViolationsExamples

resource "artifactory_vulnerability_ignore_rule" "example" {
  note            = "approved by CISO"
  expiration_time = "2020-12-24"
  vulnerability   = "any"
  component = {
    version = "2.1.5"
    url     = "gav://com.atlassian.maven.pulings"
  }
  artifact = "generic://sha256:123456"
  watch    = "w"
}


chb0github commented 2 years ago

Thanks. We'll see what we can do

oallauddin commented 2 years ago

When this is implemented, please add an attribute for the optional projectKey query parameter, so that we can create ignore_rules for a watch that is tied to a project. POST /api/v1/ignore_rules?projectKey=test
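Putting the two requests in this thread together (the ignore-rule fields from the proposal and the projectKey query parameter), here is an added example, not the provider's code, that builds and validates the POST /api/v1/ignore_rules request without sending it. The filter names and the projectKey parameter are the ones quoted in the issue; the JSON envelope keys notes, expires_at and ignore_filters are assumptions about the Xray request body, and the base URL is a placeholder.

```python
"""Build (without sending) a POST /api/v1/ignore_rules request for JFrog Xray.

Added example, not the provider's or JFrog's code. The filter names and the
projectKey query parameter come from the issue; the body keys ``notes``,
``expires_at`` and ``ignore_filters`` are assumptions about the Xray API.
"""
import json
from datetime import date
from urllib.parse import urlencode

# Filter keys quoted in the issue from the Xray REST documentation.
FILTER_KEYS = ("vulnerabilities", "licenses", "cves", "policies", "watches", "docker-layers")


def build_ignore_rule_request(base_url, note, expires_at, filters, project_key=None):
    """Return (url, body) for creating an ignore rule.

    The checks encode what an exception process should insist on: a written
    justification, an expiry that lies in the future (no open-ended ignores),
    and at least one recognised, non-empty filter so a rule cannot silently
    suppress every finding.
    """
    if not note.strip():
        raise ValueError("ignore rule needs a justification note")
    expiry = date.fromisoformat(expires_at)  # rejects malformed dates
    if expiry <= date.today():
        raise ValueError("expiration must be in the future")
    unknown = set(filters) - set(FILTER_KEYS)
    if unknown:
        raise ValueError(f"unknown filter(s): {sorted(unknown)}")
    ignore_filters = {k: list(v) for k, v in filters.items() if v}
    if not ignore_filters:
        raise ValueError("at least one non-empty filter is required")
    url = base_url.rstrip("/") + "/api/v1/ignore_rules"
    if project_key:  # scope the rule to a project-bound watch, as requested above
        url += "?" + urlencode({"projectKey": project_key})
    body = {"notes": note, "expires_at": expiry.isoformat(), "ignore_filters": ignore_filters}
    return url, body


if __name__ == "__main__":
    # Constructed sample mirroring the proposal: "any" vulnerability on watch "w".
    url, body = build_ignore_rule_request(
        "https://xray.example.test",  # placeholder host
        "approved by CISO", "2099-12-24",
        {"vulnerabilities": ["any"], "watches": ["w"]},
        project_key="test",
    )
    print(url)
    print(json.dumps(body, indent=2))
```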