Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[DOC] filtering vulns with trivy #214

Closed
sozercan opened this issue Jul 25, 2023 · 4 comments · Fixed by #251
Closed

[DOC] filtering vulns with trivy #214

sozercan opened this issue Jul 25, 2023 · 4 comments · Fixed by #251
Labels
documentation Improvements or additions to documentation

Comments

@sozercan
Copy link
Member

sozercan commented Jul 25, 2023
edited
Loading

What kind of documentation improvement is needed?

None

What is the change that is needed?

document how to filter vulns using rego policy or ignore file
https://aquasecurity.github.io/trivy/v0.43/docs/configuration/filtering/

example from CI:

copacetic/.github/workflows/build.yml

Lines 112 to 126 in 3e22d49

package trivy
import data.lib.trivy
default ignore = false
ignore_vulnerability_ids := {
# centos 7.6.1810
# bind-license package version "9.11.4-26.P2.el7_9.14" does not exist
"CVE-2023-2828"
}
ignore {
input.VulnerabilityID == ignore_vulnerability_ids[_]
}

@sozercan sozercan added the documentation Improvements or additions to documentation label Jul 25, 2023
@sozercan sozercan mentioned this issue Aug 11, 2023
Closed
@anubhav06
Copy link
Contributor

anubhav06 commented Aug 12, 2023
edited
Loading

Question: This needs to be added to the website docs or the github docs?

@anubhav06
Copy link
Contributor

I've come up with this documentation: https://docs.google.com/document/d/1ZkV2fxmYY2z9EP7FJtNuAS6AF1Kkyg6QfFYJGd5gUng/edit?usp=sharing
Let me know what do you think about it.

@sozercan
Copy link
Member Author

sozercan commented Aug 14, 2023
edited
Loading

Question: This needs to be added to the website docs or the github docs?

Website docs, all user-facing docs should be there.

We should assess docs in github if they need to be moved to website (opened #249).

@sozercan
Copy link
Member Author

I've come up with this documentation: docs.google.com/document/d/1ZkV2fxmYY2z9EP7FJtNuAS6AF1Kkyg6QfFYJGd5gUng/edit?usp=sharing Let me know what do you think about it.

Thanks! Please feel to open a PR for this.

@anubhav06 anubhav06 mentioned this issue Aug 15, 2023
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
documentation Improvements or additions to documentation
Projects
Copacetic Workboard
Status: Done
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

docs: filtering vulnerabilities with trivy anubhav06/copacetic
2 participants
@sozercan @anubhav06