Specify the type of finding to ignore via Rego #6450

Open
nikpivkin opened this issue Apr 3, 2024 · 0 comments
Labels
kind/feature Categorizes issue or PR as related to a new feature.

nikpivkin commented Apr 3, 2024

Now ignore policies are applied to each finding of a different type, which makes it hard to ignore because some types have fields with the same names. In the example, I want to ignore a license by package name, but also ignore a vulnerability because the vulnerability also contains a field with the same name.

Policy:

```rego
package trivy

default ignore = false

ignore {
    input.PkgName == "systemd"
}
```

Run Trivy:

```
trivy image centos:7 --scanners license,vuln -d --ignore-policy test.rego --show-suppressed
```

@itaysk added the kind/feature label Apr 8, 2024
@itaysk changed the title from "No possibility to specify the type of find to ignore via Rego" to "Specify the type of finding to ignore via Rego" Apr 8, 2024
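One way to narrow the policy from the issue so it no longer suppresses the vulnerability, shown as an added example that is not part of the original issue or Trivy's own code. It assumes that vulnerability findings carry a `VulnerabilityID` field and license findings do not; the helper rule `is_vulnerability`, the sample findings and the `CVE-0000-0000` placeholder are constructed for illustration.

```rego
package trivy

default ignore = false

# Assumption (not stated in the issue): only vulnerability findings carry
# VulnerabilityID, so its presence is used as a finding-type discriminator.
is_vulnerability {
    input.VulnerabilityID
}

# Suppress the systemd license finding only. The systemd vulnerability has
# the same PkgName but is excluded by the discriminator, so it stays reported.
ignore {
    input.PkgName == "systemd"
    not is_vulnerability
}

# Constructed sample findings, trimmed to the fields the policy reads.
license_finding := {
    "PkgName": "systemd",
    "Name": "LGPL-2.1",
    "Category": "restricted",
}

vuln_finding := {
    "PkgName": "systemd",
    "VulnerabilityID": "CVE-0000-0000", # placeholder, not a real identifier
    "Severity": "HIGH",
}

# Unit tests for the policy, written in the same rule syntax as the
# policy in the issue and intended for `opa test`.
test_license_is_ignored {
    ignore with input as license_finding
}

test_vulnerability_is_kept {
    not ignore with input as vuln_finding
}
```

The discriminator matches on the absence of a field, so any other finding type that has `PkgName` but no `VulnerabilityID` would also be suppressed; review the `--show-suppressed` output after changing the policy.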