Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat(misconf): Support --ignore-policy in config scans #5359

Merged
merged 4 commits into from
Oct 23, 2023
Merged

feat(misconf): Support --ignore-policy in config scans #5359

merged 4 commits into from
Oct 23, 2023

Conversation

simar7
Copy link
Member

@simar7 simar7 commented Oct 11, 2023
edited
Loading

Description

Adds support for passing --ignore-policy to ignore misconfiguration results in misconf scanning. Also correctly displays the exception count.

Before

trivy  config  <input>

main.yaml (cloudformation)

Tests: 12 (SUCCESSES: 3, FAILURES: 9, EXCEPTIONS: 0)
Failures: 9 (UNKNOWN: 0, LOW: 2, MEDIUM: 1, HIGH: 6, CRITICAL: 0)

After

trivy   config --ignore-policy=./config-ignore-policy.rego <input>

main.yaml (cloudformation)

Tests: 12 (SUCCESSES: 3, FAILURES: 8, EXCEPTIONS: 1)
Failures: 8 (UNKNOWN: 0, LOW: 2, MEDIUM: 1, HIGH: 5, CRITICAL: 0)

Related issues

Checklist

  • I've read the guidelines for contributing to this repository.
  • I've followed the conventions in the PR title.
  • I've added tests that prove my fix is effective or that my feature works.
  • I've updated the documentation with the relevant information (if needed).
  • I've added usage information (if the PR introduces new options)
  • I've included a "before" and "after" example to the description (if the PR is a user interface change).

@simar7 simar7 self-assigned this Oct 11, 2023
@simar7
feat(misconf): Support --ignore-policy in config scans
eea7d15 
Signed-off-by: Simar <simar@linux.com>
@simar7 simar7 force-pushed the add-include-policy-to-config branch from 5050ff4 to eea7d15 Compare October 11, 2023 22:46
@simar7
update docs
e40e1d6 
Signed-off-by: Simar <simar@linux.com>
@simar7 simar7 marked this pull request as ready for review October 12, 2023 02:01
@simar7 simar7 requested a review from knqyf263 as a code owner October 12, 2023 02:01
@simar7 simar7 requested a review from nikpivkin October 12, 2023 02:01
knqyf263
knqyf263 reviewed Oct 13, 2023
View reviewed changes
pkg/result/filter.go Outdated Show resolved Hide resolved
nikpivkin
nikpivkin reviewed Oct 13, 2023
View reviewed changes
pkg/flag/options.go Outdated Show resolved Hide resolved
nikpivkin
nikpivkin reviewed Oct 13, 2023
View reviewed changes
pkg/result/filter.go Outdated Show resolved Hide resolved
nikpivkin
nikpivkin requested changes Oct 13, 2023
View reviewed changes
Copy link
Contributor

@nikpivkin nikpivkin left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

left a few comments

nikpivkin
nikpivkin reviewed Oct 13, 2023
View reviewed changes
pkg/result/filter.go Outdated Show resolved Hide resolved
@simar7 simar7 force-pushed the add-include-policy-to-config branch from 190585b to a0d1e40 Compare October 14, 2023 03:55
@simar7
Copy link
Member Author

simar7 commented Oct 16, 2023

Looks like k8s tests are failing because of disk issues but we have #5387 in place

@simar7 simar7 force-pushed the add-include-policy-to-config branch from a0d1e40 to d70b1cc Compare October 16, 2023 21:00
knqyf263
knqyf263 reviewed Oct 17, 2023
View reviewed changes
pkg/result/filter.go Outdated Show resolved Hide resolved
@simar7 simar7 force-pushed the add-include-policy-to-config branch from 982d261 to 4626583 Compare October 17, 2023 23:13
@simar7
simplify logic
a87414a 
Signed-off-by: Simar <simar@linux.com>
@simar7 simar7 force-pushed the add-include-policy-to-config branch from 4626583 to a87414a Compare October 17, 2023 23:53
@simar7 simar7 requested a review from nikpivkin October 18, 2023 23:04
nikpivkin
nikpivkin approved these changes Oct 23, 2023
View reviewed changes
Copy link
Contributor

@nikpivkin nikpivkin left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

lgtm

@knqyf263 knqyf263 added this pull request to the merge queue Oct 23, 2023
Merged via the queue into main with commit 01c98d1 Oct 23, 2023
17 checks passed
@knqyf263 knqyf263 deleted the add-include-policy-to-config branch October 23, 2023 08:03
@aqua-bot aqua-bot mentioned this pull request May 29, 2024
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@knqyf263 knqyf263 knqyf263 approved these changes

@nikpivkin nikpivkin nikpivkin approved these changes

Assignees

@simar7 simar7

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

--ignore-policy unavailable in config target
3 participants
@simar7 @knqyf263 @nikpivkin