ci(Trivy): Port .trivyignore to .trivyignore.yaml

Use the more expressive YAML config format recently introduced in v0.45.0.
ScribeMD · Dec 22, 2023 · 901ceca · 901ceca
1 parent e481e63
commit 901ceca
Show file tree

Hide file tree

Showing 4 changed files with 15 additions and 2 deletions.
diff --git a/.dictionary.txt b/.dictionary.txt
@@ -1,4 +1,7 @@
+Dockerfiles
+ignorefile
 Laven
 npmcli
 npmpackagejsonlintignore
+trivy
 trivyignore
diff --git a/.mega-linter.yaml b/.mega-linter.yaml
@@ -1,6 +1,7 @@
 EXTENDS: https://raw.githubusercontent.com/ScribeMD/.github/0.14.15/.github/base.mega-linter.yaml
 JAVASCRIPT_ES_CLI_EXECUTABLE: [node, .yarn/releases/yarn-4.0.2.cjs, run, eslint]
 # Work around https://github.com/oxsecurity/megalinter/issues/2500.
+REPOSITORY_TRIVY_ARGUMENTS: --ignorefile .trivyignore.yaml
 SPELL_CSPELL_PRE_COMMANDS:
   - command: npm install @cspell/[email protected]
     continue_if_failed: false

diff --git a/.trivyignore b/.trivyignore
diff --git a/.trivyignore.yaml b/.trivyignore.yaml
@@ -0,0 +1,11 @@
+misconfigurations:
+  - id: AVD-DS-0002
+    paths:
+      - Dockerfile
+      - Dockerfile.windows
+    statement: Dockerfiles only used for testing, so it's okay that user is root.
+  - id: AVD-DS-0026
+    paths:
+      - Dockerfile
+      - Dockerfile.windows
+    statement: Dockerfiles only used for testing, so health check isn't needed.