Using a Trivy ignore file with Kubernetes scanning doesn't work, meaning results are not being ignored.
Desired Behavior
The ignore file should work on all targets, or be documented as not working.
Actual Behavior
The ignore file did not ignore vulnerabilities in k8s image scanning.
Reproduction Steps
1. `trivy image test --ignorefile ./myignore.yaml` -> vulnerabilities are ignored
2. `trivy k8s --ignorefile ./myignore.yaml` -> vulnerabilities are not ignored
Target
Kubernetes
Scanner
Vulnerability
Output Format
None
Mode
None
Debug Output
```
~/dev/trivy-demo/appy/deploy ❯ trivy k8s --report all --include-namespaces appy --severity HIGH --ignorefile "$demodir/backend/trivyignore.yaml" --debug
2024-10-07T14:26:36+03:00 DEBUG No plugins loaded
2024-10-07T14:26:36+03:00 DEBUG Default config file "file_path=trivy.yaml" not found, using built in values
2024-10-07T14:26:36+03:00 DEBUG Cache dir dir="/Users/itaysk/Library/Caches/trivy"
2024-10-07T14:26:36+03:00 DEBUG Cache dir dir="/Users/itaysk/Library/Caches/trivy"
2024-10-07T14:26:36+03:00 DEBUG Parsed severities severities=[HIGH]
2024-10-07T14:26:36+03:00 DEBUG Ignore statuses statuses=[]
2024-10-07T14:26:38+03:00 INFO Node scanning is enabled
2024-10-07T14:26:38+03:00 INFO If you want to disable Node scanning via an in-cluster Job, please try '--disable-node-collector' to disable the Node-Collector job.
2024-10-07T14:26:38+03:00 DEBUG DB update was skipped because the local DB is the latest
2024-10-07T14:26:38+03:00 DEBUG DB info schema=2 updated_at=2024-10-07T06:17:04.462736974Z next_update=2024-10-08T06:17:04.462736814Z downloaded_at=2024-10-07T09:25:56.846879Z
6 / 6 [-------------------------------------------------------------------------------------------------------------------------------------] 100.00% 1 p/s
namespace: appy, deployment: appy-backend
Total: 2 (HIGH: 2)
┌────────────┬───────────────┬──────────┬────────┬───────────────────┬───────────────┬────────────────────────────────────────────────────────┐
│ Library │ Vulnerability │ Severity │ Status │ Installed Version │ Fixed Version │ Title │
├────────────┼───────────────┼──────────┼────────┼───────────────────┼───────────────┼────────────────────────────────────────────────────────┤
│ libcrypto3 │ CVE-2023-5363 │ HIGH │ fixed │ 3.1.3-r0 │ 3.1.4-r0 │ openssl: Incorrect cipher key and IV length processing │
│ │ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-5363 │
├────────────┤ │ │ │ │ │ │
│ libssl3 │ │ │ │ │ │ │
│ │ │ │ │ │ │ │
└────────────┴───────────────┴──────────┴────────┴───────────────────┴───────────────┴────────────────────────────────────────────────────────┘
...
```
Operating System
MacOS
Version
```
Version: 0.55.2
Vulnerability DB:
  Version: 2
  UpdatedAt: 2024-10-07 06:17:04.462736974 +0000 UTC
  NextUpdate: 2024-10-08 06:17:04.462736814 +0000 UTC
  DownloadedAt: 2024-10-07 09:25:56.846879 +0000 UTC
Check Bundle:
  Digest: sha256:ef2d9ad4fce0f933b20a662004d7e55bf200987c180e7f2cd531af631f408bb3
  DownloadedAt: 2024-10-07 10:33:31.13529 +0000 UTC
```
Labels: kind/bug (categorizes issue or PR as related to a bug), target/kubernetes (issues relating to Kubernetes cluster scanning)