ignore file doesn't apply on k8s scan

[itaysk]

Description

using trivy ignore file with Kubernetes scanning doesn't work, meaning results are not being ignored

Desired Behavior

ignore file should work on all targets, or documented as not working

Actual Behavior

ignore file did not ignore vulnerabilities in k8s image scanning

Reproduction Steps

1. `trivy image test --ignorefile ./myignore.yaml` -> vulnerabilities are ignored
2. `trivy k8s --ignorefile ./myignore.yaml` -> vulnerabilities are not ignored

Target

Kubernetes

Scanner

Vulnerability

Output Format

None

Mode

None

Debug Output

~/dev/trivy-demo/appy/deploy ❯ trivy k8s --report all --include-namespaces appy --severity HIGH --ignorefile "$demodir/backend/trivyignore.yaml" --debug
2024-10-07T14:26:36+03:00       DEBUG   No plugins loaded
2024-10-07T14:26:36+03:00       DEBUG   Default config file "file_path=trivy.yaml" not found, using built in values
2024-10-07T14:26:36+03:00       DEBUG   Cache dir       dir="/Users/itaysk/Library/Caches/trivy"
2024-10-07T14:26:36+03:00       DEBUG   Cache dir       dir="/Users/itaysk/Library/Caches/trivy"
2024-10-07T14:26:36+03:00       DEBUG   Parsed severities       severities=[HIGH]
2024-10-07T14:26:36+03:00       DEBUG   Ignore statuses statuses=[]
2024-10-07T14:26:38+03:00       INFO    Node scanning is enabled
2024-10-07T14:26:38+03:00       INFO    If you want to disable Node scanning via an in-cluster Job, please try '--disable-node-collector' to disable the Node-Collector job.
2024-10-07T14:26:38+03:00       DEBUG   DB update was skipped because the local DB is the latest
2024-10-07T14:26:38+03:00       DEBUG   DB info schema=2 updated_at=2024-10-07T06:17:04.462736974Z next_update=2024-10-08T06:17:04.462736814Z downloaded_at=2024-10-07T09:25:56.846879Z
6 / 6 [-------------------------------------------------------------------------------------------------------------------------------------] 100.00% 1 p/s

namespace: appy, deployment: appy-backend

Total: 2 (HIGH: 2)

┌────────────┬───────────────┬──────────┬────────┬───────────────────┬───────────────┬────────────────────────────────────────────────────────┐
│  Library   │ Vulnerability │ Severity │ Status │ Installed Version │ Fixed Version │                         Title                          │
├────────────┼───────────────┼──────────┼────────┼───────────────────┼───────────────┼────────────────────────────────────────────────────────┤
│ libcrypto3 │ CVE-2023-5363 │ HIGH     │ fixed  │ 3.1.3-r0          │ 3.1.4-r0      │ openssl: Incorrect cipher key and IV length processing │
│            │               │          │        │                   │               │ https://avd.aquasec.com/nvd/cve-2023-5363              │
├────────────┤               │          │        │                   │               │                                                        │
│ libssl3    │               │          │        │                   │               │                                                        │
│            │               │          │        │                   │               │                                                        │
└────────────┴───────────────┴──────────┴────────┴───────────────────┴───────────────┴────────────────────────────────────────────────────────┘

...

Operating System

MacOS

Version

Version: 0.55.2
Vulnerability DB:
  Version: 2
  UpdatedAt: 2024-10-07 06:17:04.462736974 +0000 UTC
  NextUpdate: 2024-10-08 06:17:04.462736814 +0000 UTC
  DownloadedAt: 2024-10-07 09:25:56.846879 +0000 UTC
Check Bundle:
  Digest: sha256:ef2d9ad4fce0f933b20a662004d7e55bf200987c180e7f2cd531af631f408bb3
  DownloadedAt: 2024-10-07 10:33:31.13529 +0000 UTC

Checklist

• Run trivy clean --all
• Read the troubleshooting