You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Just for context, I was thinking we can approach this in a few ways:
(this issue) Scenario: Teams wants to patch an image ASAP but there are failures for some reason, but it's better to have something than nothing. This is where the flag comes in for fast resolution.
For the flag, should we align with flags that already exists in other tools? For example, GH calls this continue-on-error and make has --ignore-errors. What do you think?
([DOC] filtering vulns with trivy #214) Scenario: There is a known failure for some reason. So teams just want to ignore that CVE/package in their CI instead of ignoring all errors. This is more documentation on how to create policy to create filters with scanner tooling.
Yes. I think if we align with the existing flags from tools that already exist, that would be a better option. Both of them sounds good to me. I'll proceed with --ignore-errors flag for now. Let me know if you want me to name it something else.
What kind of request is this?
New feature
What is your request or suggestion?
today, we fail patching if any package fails to patch
if patching fails for a package for whatever reason, we might want to continue anyway to produce an image
The text was updated successfully, but these errors were encountered: