feat(helm): make .trivyignore file a configurable value (#885)

aquasecurity · Jan 5, 2022 · c384c33 · c384c33
1 parent df182b7
commit c384c33
Show file tree

Hide file tree

Showing 3 changed files with 11 additions and 1 deletion.
diff --git a/deploy/helm/Chart.yaml b/deploy/helm/Chart.yaml
@@ -6,7 +6,7 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.8.2
+version: 0.8.3
 
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to

diff --git a/deploy/helm/templates/config.yaml b/deploy/helm/templates/config.yaml
@@ -53,6 +53,10 @@ data:
   trivy.severity: {{ .severity | quote }}
   {{- if .ignoreUnfixed }}
   trivy.ignoreUnfixed: {{ .ignoreUnfixed | quote }}
+  {{- end }}
+  {{- with .ignoreFile }}
+  trivy.ignoreFile: |
+{{- . | trim | nindent 4 }}
   {{- end }}
   {{- if eq .mode "ClientServer" }}
   trivy.serverURL: {{ required ".Values.trivy.serverURL is required" .serverURL | quote }}

diff --git a/deploy/helm/values.yaml b/deploy/helm/values.yaml
@@ -110,6 +110,12 @@ trivy:
   #
   ignoreUnfixed: "false"
 
+  # ignoreFile can be used to tell Trivy to ignore vulnerabilities by ID (one per line)
+  #
+  # ignoreFile: |
+  #   CVE-1970-0001
+  #   CVE-1970-0002
+
   # resources resource requests and limits
   resources:
     requests: