Configuring "Ignoring vulnerabilities" in workflow #108
Comments
This issue is idle because it has been open for 14 days with no activity.
Any update on this?
We currently support an ignore file in the path
@ajinkya599, v1-proposal addresses the second scenario in my request but not the first one, unless we include the image tag/version in the general:
  vulnerabilities:
    - CVE-2003-1307
image-name-1@latest:
  vulnerabilities:
    - CVE-2003-2207
image-name-1@v1:
  vulnerabilities:
    - CVE-2003-3232
image-name-1@v2:
  - ...
To explain our situation: Separating the older images workflow from the latest one that is under development can be a workaround for this issue, but it seems too much work compared to just being able to set a path (or inline list) for the action.
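The per-tag lookup requested in the comment above, as an added example that is not part of the thread or the action's own code. It assumes the configuration has already been loaded into a dictionary with the `general` and `image@tag` keys sketched in the comment; the function names are hypothetical, and the output uses the one-ID-per-line layout of a Trivy `.trivyignore` file.

```python
import re

# Constructed sample mirroring the structure sketched in the comment above;
# the "image@tag" keys are the commenter's suggestion, not a shipped format.
IGNORE_CONFIG = {
    "general": {"vulnerabilities": ["CVE-2003-1307"]},
    "image-name-1@latest": {"vulnerabilities": ["CVE-2003-2207"]},
    "image-name-1@v1": {"vulnerabilities": ["CVE-2003-3232"]},
}

CVE_RE = re.compile(r"^CVE-\d{4}-\d{4,}$")


def split_image_ref(ref):
    """Split 'registry:5000/team/name:tag' into (name, tag); tag defaults to 'latest'."""
    if "@" in ref:
        # Fail closed: a digest-pinned reference has no tag to match a key on.
        raise ValueError(f"digest-pinned reference has no tag: {ref!r}")
    last = ref.rsplit("/", 1)[-1]  # a ':' before the last '/' is a registry port
    if ":" in last:
        base, tag = ref.rsplit(":", 1)
    else:
        base, tag = ref, "latest"
    # Matching on the short name means same-named images from different
    # registries share one ignore list.
    return base.rsplit("/", 1)[-1], tag


def ignored_for(image_ref, config):
    """Return sorted CVE IDs for one image: 'general' plus the exact image@tag entry."""
    name, tag = split_image_ref(image_ref)
    ids = set()
    for key in ("general", f"{name}@{tag}"):
        for cve in config.get(key, {}).get("vulnerabilities", []):
            if not CVE_RE.match(cve):
                raise ValueError(f"not a CVE ID under {key!r}: {cve!r}")
            ids.add(cve)
    return sorted(ids)


def render_ignore_file(image_ref, config):
    """Render the ignore list as text, one CVE ID per line with a '#' comment header."""
    header = f"# ignore list for {image_ref}\n"
    return header + "".join(f"{cve}\n" for cve in ignored_for(image_ref, config))


if __name__ == "__main__":
    for ref in ("image-name-1", "image-name-1:v1", "image-name-1:v2"):
        print(render_ignore_file(ref, IGNORE_CONFIG))
```

Because only the exact `image@tag` key is merged with `general`, an ignore granted for an older tag never carries over to `latest`, which is the behaviour Scenario 1 asks for.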
A per-image option would be useful but even better to include in the inputs. Having a single file currently is not really flexible enough.
Trivy also supports ignoring unfixed vulnerabilities, which would be useful.
I wonder if there's any change for this? These are fair scenarios.
It would be a nice option to let the user configure the list of vulnerabilities to ignore as an action input. This can be either inline or the path to a file that contains the list.
either:
or:
Scenario 1: Using the same workflow against multiple versions of the same image, one might want to ignore some vulnerabilities in older versions but not in the latest one for example.
Scenario 2: Using the action multiple times for different images in a single repo/workflow, one might want to ignore some vulnerabilities for one image but not the other ones.