trivyignores does not support yaml/json and non-yaml files #284

Open
gamethis opened this issue Nov 20, 2023 · 5 comments

@gamethis
Issue

The current version of the trivy action does not take into account that Trivy only supports YAML/JSON if the file has the suffix .yaml|.json,
so when you put the following into the action parameters:

trivyignores: "./.trivyignore.yaml"

it makes a file that is without a .yaml|.json ending. As a result, trivy does not read the file and ignores the input.

Reproduction of issue

I have created a repo with the files to demonstrate this

https://github.com/gamethis/trivy_issues

You can see the scenario by running trivy.sh; it will work.
If you run trivy_fail.sh, it will simulate what the action does currently and will fail.

Desired Action outcome

Would like to see the action updated to either check for yaml|json and add another --ignorefile .trivyignores.yaml to use,
or an input parameter that will allow for yaml|json style ignore files.

@cswilliams
I would also love to see this added. I would like to use the --ignorefile option for ignoring some false positives from the secret scanner. While I could use the non yaml .trivyignore, it doesn't support ignoring by file path like the yaml version does (but please correct me if I'm wrong).

@tkatila
tkatila commented Jan 17, 2024

Yes please.

@loljawn
loljawn commented Jan 25, 2024

Agreed, would like support for yaml ignore files.

Edit: current version is 0.48.1; yaml support was added in 0.45. It should be supported.

@jvassbo
jvassbo commented Feb 7, 2024

You can bypass this problem by using a config file (trivy-config: trivy.yaml) and defining ignorefile: .trivyignore.yaml there.
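
The workaround from the comment above, written out as an added example (not posted by anyone in this thread and not the project's own files): the action is pointed at a Trivy config file, and that config names the ignore file with its .yaml suffix intact. The action reference, the ref placeholder, the scan inputs and the ignore entries are assumptions constructed for illustration.

```yaml
# File 1: workflow step (assumed to sit under jobs.<job>.steps in a workflow file).
# The action reference is an assumption; replace <pinned-ref> with the ref you pin to.
- name: Trivy filesystem scan
  uses: aquasecurity/trivy-action@<pinned-ref>
  with:
    scan-type: fs
    scan-ref: .
    # Do not set `trivyignores` here. Per this issue, the action writes that
    # input to a file without a .yaml|.json ending, so Trivy ignores it.
    trivy-config: trivy.yaml
---
# File 2: trivy.yaml, at the repository root.
# Trivy reads this path itself, so the .yaml suffix is preserved.
ignorefile: .trivyignore.yaml
---
# File 3: .trivyignore.yaml (constructed sample entries).
secrets:
  # Ignore one secret rule only in a specific file (path is a placeholder).
  - id: aws-access-key-id
    paths:
      - "test/fixtures/fake-credentials.env"
    statement: Test fixture, not a live credential
vulnerabilities:
  # Placeholder ID; use the finding you have reviewed and accepted.
  - id: CVE-XXXX-XXXXX
    statement: Accepted after review
    expired_at: 2099-01-01   # constructed date; forces a re-review when it passes
```

Scoping each entry with `paths` and `expired_at` keeps a suppression from hiding the same finding elsewhere in the tree or indefinitely.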

@vdavydenko-asrc-core
Yeah, this is needed.
