From 3cef45e00dd3fda9ea28b6bc5c77404dbf35f85a Mon Sep 17 00:00:00 2001
From: root
Date: Tue, 28 May 2024 14:54:21 +0000
Subject: [PATCH] add trivy ignores file
---
 .github/containerscan/allowedlist.yaml | 4 ----
 .github/workflows/.trivyignore | 5 +++++
 .github/workflows/actions.yaml | 5 +++++
 3 files changed, 10 insertions(+), 4 deletions(-)
 delete mode 100644 .github/containerscan/allowedlist.yaml
 create mode 100644 .github/workflows/.trivyignore
diff --git a/.github/containerscan/allowedlist.yaml b/.github/containerscan/allowedlist.yaml
deleted file mode 100644
index 5e33bb56..00000000
--- a/.github/containerscan/allowedlist.yaml
+++ /dev/null
@@ -1,4 +0,0 @@
-general:
- vulnerabilities:
- - CVE-2024-2961 # do not have the fix , https://avd.aquasec.com/nvd/cve-2024-2961
- - CVE-2024-33599 # fix is not yet available , https://nvd.nist.gov/vuln/detail/CVE-2024-33599
diff --git a/.github/workflows/.trivyignore b/.github/workflows/.trivyignore
new file mode 100644
index 00000000..ed3f231d
--- /dev/null
+++ b/.github/workflows/.trivyignore
@@ -0,0 +1,5 @@
+# do not have the fix, https://avd.aquasec.com/nvd/cve-2024-2961
+CVE-2024-2961
+
+# fix is not yet available, https://nvd.nist.gov/vuln/detail/CVE-2024-33599
+CVE-2024-33599
diff --git a/.github/workflows/actions.yaml b/.github/workflows/actions.yaml
index 6b451702..fe2dc003 100644
--- a/.github/workflows/actions.yaml
+++ b/.github/workflows/actions.yaml
@@ -120,6 +120,7 @@ jobs:
 severity: 'HIGH,CRITICAL'
 ignore-unfixed: true
 exit-code: '1'
+ trivyignores: '.trivyignore'
 - name: Scan Role Service
 uses: aquasecurity/trivy-action@master
 with:
@@ -127,6 +128,7 @@ jobs:
 severity: 'HIGH,CRITICAL'
 ignore-unfixed: true
 exit-code: '1'
+ trivyignores: '.trivyignore'
 - name: Scan Tenant Service
 uses: aquasecurity/trivy-action@master
 with:
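Review bot: Both suppressions in the new `.github/workflows/.trivyignore` are open-ended, so the two CVE ids stay silenced in every scanned image until someone remembers to delete the lines. Trivy's ignore file accepts an expiry after the id, e.g. `CVE-2024-2961 exp:<YYYY-MM-DD>` (date is a placeholder for the owner to choose), which makes the gate fail again once the waiver lapses. The scan steps in actions.yaml already set `ignore-unfixed: true`, so if these ids were still failing the build a fixed package is presumably published upstream; the comments would be more useful if they named the image or package that is waiting for the update and linked a tracking issue.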
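Review bot: The added `trivyignores: '.trivyignore'` names a path this commit does not create: the new file is `.github/workflows/.trivyignore`, while the action input is a path relative to the repository checkout, so unless a root-level `.trivyignore` exists outside this diff the waivers are not applied (or the step fails on the missing file, depending on the action version). Either move the file to the repository root or write `trivyignores: '.github/workflows/.trivyignore'`; the same line is added in the hunks at -127, -134, -141 and -148. The `with:` block these lines belong to starts outside each hunk, so the image reference and any preceding checkout step are not visible here. Separately, the surrounding steps use `aquasecurity/trivy-action@master`, a mutable ref; pinning it to a reviewed commit SHA would keep the scanner that gates the build from changing underneath it.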
@@ -134,6 +136,7 @@ jobs:
 severity: 'HIGH,CRITICAL'
 ignore-unfixed: true
 exit-code: '1'
+ trivyignores: '.trivyignore'
 - name: Scan SideCar Proxy
 uses: aquasecurity/trivy-action@master
 with:
@@ -141,6 +144,7 @@ jobs:
 severity: 'HIGH,CRITICAL'
 ignore-unfixed: true
 exit-code: '1'
+ trivyignores: '.trivyignore'
 - name: Scan Storage Service
 uses: aquasecurity/trivy-action@master
 with:
@@ -148,3 +152,4 @@ jobs:
 severity: 'HIGH,CRITICAL'
 ignore-unfixed: true
 exit-code: '1'
+ trivyignores: '.trivyignore'