docs(report): add remark about path to filter licenses using `.triv…

…yignore.yaml` file (#6145)
aquasecurity · Feb 16, 2024 · 32a02a9 · 32a02a9
1 parent fb79ea7
commit 32a02a9
Showing 1 changed file with 3 additions and 2 deletions.
diff --git a/docs/docs/configuration/filtering.md b/docs/docs/configuration/filtering.md
@@ -338,7 +338,7 @@ Available fields:
 | Field      | Required | Type                | Description                                                                                                |
 |------------|:--------:|---------------------|------------------------------------------------------------------------------------------------------------|
 | id         |    ✓     | string              | The identifier of the vulnerability, misconfiguration, secret, or license[^1].                             |
-| paths      |          | string array        | The list of file paths to be ignored. If `paths` is not set, the ignore finding is applied to all files.   |
+| paths[^2]  |          | string array        | The list of file paths to be ignored. If `paths` is not set, the ignore finding is applied to all files.   |
 | expired_at |          | date (`yyyy-mm-dd`) | The expiration date of the ignore finding. If `expired_at` is not set, the ignore finding is always valid. |
 | statement  |          | string              | The reason for ignoring the finding. (This field is not used for filtering.)                               |
 
@@ -490,4 +490,5 @@ You can find more example policies [here](https://github.com/aquasecurity/trivy/
 Please refer to the [VEX documentation](../supply-chain/vex.md) for the details.
 
 
-[^1]: license name is used as id for `.trivyignore.yaml` files
+[^1]: license name is used as id for `.trivyignore.yaml` files.
+[^2]: This doesn't work for package licenses. The `path` field can only be used for license files (licenses obtained using the [--license-full flag](../scanner/license.md#full-scanning)).