Support Trivy's ignorePolicy #1890

Open
wants to merge 1 commit into
base: main

toanhminh0412

This is a starter PR to support Trivy's --ignore-policy option as documented here.

Trivy currently isn't packaged with any .rego file, and there is no way to specify a list of policies in .rego format for Trivy to ignore when reporting vulnerabilities.

This PR provides an option in values.yaml to set a certain set of policies for Trivy to ignore. The option is trivy.ignorePolicy, which can be set to either none, basic or advanced. The basic and advanced options are from Trivy's example policies.

This PR provides hard-coded policies for ease of use, which does come with limitations. We might want to allow users to create custom policies. If there is a need for this, we can further develop this PR to support it.

@toanhminh0412
Author

Hi @reasonerjt,

Could you please take a look at this PR when you have a chance? Let me know if there's anything I can clarify or improve. Thanks in advance! 🙏

We need this feature ASAP for our Harbor instance, and it would be great if this could be included in your repo.
