From 901ceca771c77fcca6b65658af7d0cc4638e3dce Mon Sep 17 00:00:00 2001 From: Kurt von Laven Date: Mon, 16 Oct 2023 14:44:34 -0700 Subject: [PATCH] ci(Trivy): Port .trivyignore to .trivyignore.yaml Use the more expressive YAML config format recently introduced in v0.45.0. --- .dictionary.txt | 3 +++ .mega-linter.yaml | 1 + .trivyignore | 2 -- .trivyignore.yaml | 11 +++++++++++ 4 files changed, 15 insertions(+), 2 deletions(-) delete mode 100644 .trivyignore create mode 100644 .trivyignore.yaml diff --git a/.dictionary.txt b/.dictionary.txt index cf764424..ca3f643e 100644 --- a/.dictionary.txt +++ b/.dictionary.txt @@ -1,4 +1,7 @@ +Dockerfiles +ignorefile Laven npmcli npmpackagejsonlintignore +trivy trivyignore diff --git a/.mega-linter.yaml b/.mega-linter.yaml index 080fdb16..ba0f2a3e 100644 --- a/.mega-linter.yaml +++ b/.mega-linter.yaml @@ -1,6 +1,7 @@ EXTENDS: https://raw.githubusercontent.com/ScribeMD/.github/0.14.15/.github/base.mega-linter.yaml JAVASCRIPT_ES_CLI_EXECUTABLE: [node, .yarn/releases/yarn-4.0.2.cjs, run, eslint] # Work around https://github.com/oxsecurity/megalinter/issues/2500. +REPOSITORY_TRIVY_ARGUMENTS: --ignorefile .trivyignore.yaml SPELL_CSPELL_PRE_COMMANDS: - command: npm install @cspell/dict-win32@2.0.2 continue_if_failed: false diff --git a/.trivyignore b/.trivyignore deleted file mode 100644 index 6639d8bd..00000000 --- a/.trivyignore +++ /dev/null @@ -1,2 +0,0 @@ -AVD-DS-0002 # Dockerfile only used for testing, so it's okay that user is root. -AVD-DS-0026 # Dockerfile only used for testing, so health check isn't needed. diff --git a/.trivyignore.yaml b/.trivyignore.yaml new file mode 100644 index 00000000..34d0ab6e --- /dev/null +++ b/.trivyignore.yaml 
@@ -0,0 +1,11 @@
+misconfigurations:
+ - id: AVD-DS-0002
+ paths:
+ - Dockerfile
+ - Dockerfile.windows
+ statement: Dockerfiles only used for testing, so it's okay that user is root.
+ - id: AVD-DS-0026
+ paths:
+ - Dockerfile
+ - Dockerfile.windows
+ statement: Dockerfiles only used for testing, so health check isn't needed.
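Review bot: Neither entry under `misconfigurations` carries an expiry, so the AVD-DS-0002 (root user) and AVD-DS-0026 (no health check) suppressions stay in force indefinitely, even if the premise recorded in `statement` (the Dockerfiles are only used for testing) stops being true. The YAML ignore format adopted here supports a per-entry expiry; adding `expired_at: <YYYY-MM-DD review date>` beneath each `id` would make Trivy report the finding again after that date and force the exception to be re-justified. Limiting each entry with `paths` to `Dockerfile` and `Dockerfile.windows` is a useful narrowing compared with the deleted repo-wide `.trivyignore`. It would help to say in `statement`, or in a comment above the list, that any Dockerfile added at another path is intentionally scanned without these exceptions.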