Closed kailashp closed 1 year ago
Hi @kailashp,
I can't speak to the Terrascan behavior, but to suppress warnings, you can follow the steps in https://github.com/microsoft/security-devops-azdevops/issues/38#issuecomment-1509461347 to create a .gdn/.gdnsuppress
file
I am getting the following warning when i use 'terrascan' tool in Azure DevOps pipeline.
But i am not using any latest version in my dockerfile, but still it refers 'base' and 'build' image variables declared and throwing this warning. Due to this warning, pipeline task is failing.
Refer the 'base' and 'build' image variable declaration in dockerfile, scanning this line and reporting that warning is fine if latest version is used. But it scans the image reference from 'base' and 'build' variables and throwing this warning
Refer the error throwing lines 32, 35
I think it consider this case and failing, https://github.com/tenable/terrascan/pull/1068#discussion_r736092637![image](https://github.com/microsoft/security-devops-azdevops/assets/14346476/79c3fecb-2ddb-4bf3-bb3e-92bfa8ef7212)
How to overcome this? Whether this behavior is correct or not?