trivyignore, ignore-unfixed

2025-08-08 14:46:08 +00:00 · 2025-08-08 14:46:08 +00:00 · bcdcdfec41
commit bcdcdfec41
parent f654e0265f
2 changed files with 5 additions and 4 deletions
--- a/.trivyignore
+++ b/.trivyignore
@ -0,0 +1 @@
+CVE-2023-45853
--- a/.woodpecker.yml
+++ b/.woodpecker.yml
@ -22,10 +22,10 @@ steps:

        gcloud auth configure-docker us-central1-docker.pkg.dev -q

-        trivy image --scanners vuln --exit-code 1 --severity CRITICAL $REG/server1:$IMG_TAG
-        trivy image --scanners vuln --exit-code 1 --severity CRITICAL $REG/server2:$IMG_TAG
-        trivy image --scanners vuln --exit-code 1 --severity CRITICAL $REG/server3:$IMG_TAG
-        trivy image --scanners vuln --exit-code 1 --severity CRITICAL $REG/nginx:$IMG_TAG
+        trivy image --scanners vuln --ignore-unfixed --ignorefile .trivyignore --exit-code 1 --severity CRITICAL $REG/server1:$IMG_TAG
+        trivy image --scanners vuln --ignore-unfixed --ignorefile .trivyignore --exit-code 1 --severity CRITICAL $REG/server2:$IMG_TAG
+        trivy image --scanners vuln --ignore-unfixed --ignorefile .trivyignore --exit-code 1 --severity CRITICAL $REG/server3:$IMG_TAG
+        trivy image --scanners vuln --ignore-unfixed --ignorefile .trivyignore --exit-code 1 --severity CRITICAL $REG/nginx:$IMG_TAG


  - name: staging-deploy