
imagescan: Add support for per project/group ignore of specific CVEs

Morten Knutsen requested to merge mk_add_support_for_trivyignore into master

We will encounter situations where a critical vulnerability exists, has a fixed version, but for some reason getting that fix in is difficult (an example could be upstream library deps that have not yet been fixed). In some of those cases, we know that the vulnerability does not impact the project due to the way it is used.

This MR makes it possible for a project/group to set a variable TRIVY_IGNORE_LIST to a string with a space-separated list of specific CVEs that should be ignored. They will then be added to a .trivyignore file before scanning.
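
The following is an added illustration of the mechanism described in this MR, not the project's imagescan job code. It assumes only what the description states (a variable TRIVY_IGNORE_LIST holding space-separated CVE IDs, written one per line into .trivyignore before the scan); the CVE format check, the comment header and the function names are assumptions added here, and the CVE IDs in the test are sample values.

```shell
#!/bin/sh
# Added example (not the project's own imagescan job): turn a space-separated
# TRIVY_IGNORE_LIST into a .trivyignore file before running trivy.
# Assumptions beyond the MR text: IDs are validated as CVE-YYYY-NNNN+ so a typo
# in the CI variable fails the job instead of silently suppressing nothing,
# and a comment header is written so the file's origin is obvious in artifacts.

# write_trivyignore LIST FILE
# Writes one vulnerability ID per line (the .trivyignore format; '#' starts a
# comment). Returns non-zero and leaves the file truncated if any token is not
# a well-formed CVE ID.
write_trivyignore() {
    list="$1"
    out="$2"
    : > "$out"
    printf '# generated from TRIVY_IGNORE_LIST; one vulnerability ID per line\n' >> "$out"
    for vuln_id in $list; do
        if ! printf '%s' "$vuln_id" | grep -Eq '^CVE-[0-9]{4}-[0-9]{4,}$'; then
            printf 'refusing to ignore malformed ID: %s\n' "$vuln_id" >&2
            return 1
        fi
        printf '%s\n' "$vuln_id" >> "$out"
    done
}

# count_ignored FILE
# Prints the number of non-comment entries in a .trivyignore file.
count_ignored() {
    grep -c -v '^#' "$1" || true
}

# Typical use in the job, just before the scan (assumed job layout):
#   write_trivyignore "${TRIVY_IGNORE_LIST:-}" .trivyignore || exit 1
#   trivy image "$IMAGE"   # trivy picks up .trivyignore from the working directory
```

An unset or empty TRIVY_IGNORE_LIST yields a file containing only the header, which trivy treats as nothing ignored. Because an entry suppresses the finding in every subsequent scan until it is removed, each ID set this way should be recorded with its justification (why the vulnerable code path is not reachable in this project) and revisited when the upstream fix becomes available.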
