You can write a custom Rego check to accomplish this easily:

```rego
package trivy

default ignore = false

# Ignore a finding only when its check ID and its reported line range
# both equal one of the entries in the table below.
ignore {
	rule = [
		{"id": "AVD-DS-0002", "start": 1, "end": 3},
		{"id": "AVD-DS-0026", "start": 1, "end": 6},
	][_]
	input.ID == rule.id
	input.CauseMetadata.StartLine == rule.start
	input.CauseMetadata.EndLine == rule.end
}
```
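The policy in the comment above pins each exception to an exact line range, so an edit that shifts lines in the Dockerfile makes the exception stop matching and the finding is reported again. The Python script below is an added example (not part of the original comment or of Trivy) that replays the same three equality tests over constructed findings and lists table entries that no longer match anything; `audit`, `matches`, `finding` and the sample data are hypothetical names and values.

```python
# Added example: audit a line-pinned ignore table against scan findings.
# Field names (ID, CauseMetadata.StartLine/EndLine) are the ones the policy
# in the comment reads from `input`; the sample findings are constructed.

RULES = [
    {"id": "AVD-DS-0002", "start": 1, "end": 3},
    {"id": "AVD-DS-0026", "start": 1, "end": 6},
]


def matches(rule, finding):
    """Same three equality tests as the Rego `ignore` rule."""
    cause = finding.get("CauseMetadata", {})
    return (
        finding.get("ID") == rule["id"]
        and cause.get("StartLine") == rule["start"]
        and cause.get("EndLine") == rule["end"]
    )


def audit(rules, findings):
    """Return (ignored, reported, stale_rules) for one scan."""
    ignored, reported, used = [], [], set()
    for f in findings:
        hit = next((i for i, r in enumerate(rules) if matches(r, f)), None)
        if hit is None:
            reported.append(f)  # no exception applies: finding stays visible
        else:
            used.add(hit)
            ignored.append(f)
    # Entries that matched nothing are stale and should be reviewed or removed.
    stale = [r for i, r in enumerate(rules) if i not in used]
    return ignored, reported, stale


def finding(check_id, start, end):
    """Build a constructed finding with only the fields the policy reads."""
    return {"ID": check_id, "CauseMetadata": {"StartLine": start, "EndLine": end}}


# Constructed sample: the Dockerfile as first reviewed, then the same file
# after one line was inserted at the top (every range moves down by one).
BEFORE = [finding("AVD-DS-0002", 1, 3), finding("AVD-DS-0026", 1, 6)]
AFTER = [finding("AVD-DS-0002", 2, 4), finding("AVD-DS-0026", 2, 7)]

if __name__ == "__main__":
    for label, scan in (("before", BEFORE), ("after", AFTER)):
        ignored, reported, stale = audit(RULES, scan)
        print(label, len(ignored), "ignored,", len(reported), "reported,", len(stale), "stale")
```

The mismatch fails closed: a shifted range resurfaces the finding instead of hiding a new one, and the stale list shows which table entries need their line numbers re-checked.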
Track #8113
Description
According to the docs, Trivy misconfig scans support filtering via inline comments, but this appears to only work for Terraform files: https://aquasecurity.github.io/trivy/test/docs/configuration/filtering/#by-inline-comments
Would like to have a similar capability for Dockerfile scanning, so that we can more accurately accept / ignore specific lines in our Dockerfile while not excluding the specific check entirely.
Target
Filesystem
Scanner
Misconfiguration