Add support to ignore by package instead of by id #6118
Closed
Patrick-Remy started this conversation in Ideas
Replies: 2 comments
-
May be possible if rego is supported for licenses #6004
-
Thanks for your suggestion. I think using PURL makes more sense. I created #6119 for tracking.
-
Description
With the great new support for .trivyignore.yaml files #5070, it is easily possible to ignore certain Licenses only for a specified path. In my case I would like to ignore a certain license by package name. Use cases are:
UNLICENSED, which is recommended in https://docs.npmjs.com/cli/v10/configuring-npm/package-json#license
Currently it is only possible to use the license-id as id inside the ignorefile, which would ignore e.g. UNLICENSED for all dependencies. The same could apply to vulnerabilities, where you want to accept a risk only for a certain, checked package that does not affect you.
Is there currently any workaround? How do you think about it?
/cc @knqyf263
Target: None
Scanner: License