add trivy ignores file

dell · May 28, 2024 · 3cef45e · 3cef45e
1 parent 8fa9638
commit 3cef45e
Show file tree

Hide file tree

Showing 3 changed files with 10 additions and 4 deletions.
diff --git a/.github/containerscan/allowedlist.yaml b/.github/containerscan/allowedlist.yaml
diff --git a/.github/workflows/.trivyignore b/.github/workflows/.trivyignore
@@ -0,0 +1,5 @@
+# do not have the fix, https://avd.aquasec.com/nvd/cve-2024-2961 
+CVE-2024-2961
+
+# fix is not yet available, https://nvd.nist.gov/vuln/detail/CVE-2024-33599
+CVE-2024-33599
diff --git a/.github/workflows/actions.yaml b/.github/workflows/actions.yaml
@@ -120,31 +120,36 @@ jobs:
           severity: 'HIGH,CRITICAL'
           ignore-unfixed: true
           exit-code: '1'
+          trivyignores: '.trivyignore'
       - name: Scan Role Service
         uses: aquasecurity/trivy-action@master
         with:
           image-ref: role-service:${{ env.podman_tag }}
           severity: 'HIGH,CRITICAL'
           ignore-unfixed: true
           exit-code: '1'
+          trivyignores: '.trivyignore'
       - name: Scan Tenant Service
         uses: aquasecurity/trivy-action@master
         with:
           image-ref: tenant-service:${{ env.podman_tag }}
           severity: 'HIGH,CRITICAL'
           ignore-unfixed: true
           exit-code: '1'
+          trivyignores: '.trivyignore'
       - name: Scan SideCar Proxy
         uses: aquasecurity/trivy-action@master
         with:
           image-ref: sidecar-proxy:${{ env.sidecar_tag }}
           severity: 'HIGH,CRITICAL'
           ignore-unfixed: true
           exit-code: '1'
+          trivyignores: '.trivyignore'
       - name: Scan Storage Service
         uses: aquasecurity/trivy-action@master
         with:
           image-ref: storage-service:${{ env.podman_tag }}
           severity: 'HIGH,CRITICAL'
           ignore-unfixed: true
           exit-code: '1'
+          trivyignores: '.trivyignore'