.trivyignore.yaml not allow to ignore multiple vulnerabilities ids in the same path #7974
aurochs108
started this conversation in
Bugs
Replies: 1 comment
-
|
hi @aurochs108 can you give us a test input for which we can try to reproduce this issue? The way you've passed in the ignore file seems correct to me. For example: $ cat .trivyignore.yaml
vulnerabilities:
- id: CVE-2022-40897
paths:
- "usr/local/lib/python3.9/site-packages/setuptools-58.1.0.dist-info/METADATA"
statement: Accept the risk
- id: CVE-2023-2650
- id: CVE-2023-3446
- id: CVE-2023-3817
purls:
- "pkg:deb/debian/libssl1.1"
- id: CVE-2023-29491
expired_at: 2023-09-01 |
Beta Was this translation helpful? Give feedback.
0 replies
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
-
Description
Hello
Desired Behavior
All of the ids should be ignored.
Actual Behavior
Trivy ignores only one of those ids, rest of them are still visible in raport.
Reproduction Steps
What was used: - trivy scan fs - https://trivy.dev/v0.54/docs/coverage/language/swift/ - https://trivy.dev/v0.54/docs/coverage/language/ruby/ .trivyignore.yaml configuration: - id: CVE-2023-22796 paths: - "SPM_Sources/checkouts/Cuckoo/Gemfile.lock" - id: CVE-2022-21223 paths: - "SPM_Sources/checkouts/Cuckoo/Gemfile.lock" - id: CVE-2022-24440 paths: - "SPM_Sources/checkouts/Cuckoo/Gemfile.lock" - id: CVE-2022-32511 paths: - "SPM_Sources/checkouts/Cuckoo/Gemfile.lock" - id: CVE-2024-49761 paths: - "SPM_Sources/checkouts/Cuckoo/Gemfile.lock" - id: CVE-2024-47220 paths: - "SPM_Sources/checkouts/Cuckoo/Gemfile.lock"Operating System
MacOS 15
Version
Checklist
trivy clean --allBeta Was this translation helpful? Give feedback.
All reactions