add ignore for trivy root user check

SMI · Nov 19, 2024 · e8500b7 · e8500b7
1 parent 9e87466
commit e8500b7
Show file tree

Hide file tree

Showing 3 changed files with 4 additions and 0 deletions.
diff --git a/bin/trivy-image-scan.bash b/bin/trivy-image-scan.bash
@@ -37,6 +37,7 @@ docker run \
     "${TRIVY_IMG}" \
         image \
         --config "/repo/configs/${config}" \
+        --ignorefile /repo/configs/.trivyignore \
         --format table \
         --output /reports/trivy-cve.txt \
         "${image}"
@@ -51,6 +52,7 @@ docker run \
     "${TRIVY_IMG}" \
         image \
         --config "/repo/configs/${config}" \
+        --ignorefile /repo/configs/.trivyignore \
         --format cyclonedx \
         --output /reports/trivy-sbom.json \
         "${image}"
diff --git a/bin/trivy-misconfig-dockerfile.bash b/bin/trivy-misconfig-dockerfile.bash
@@ -27,5 +27,6 @@ docker run \
     ghcr.io/aquasecurity/trivy:latest \
         config \
         --config "/repo/configs/${config}" \
+        --ignorefile /repo/configs/.trivyignore \
         "/repo/${dockerfile}"
 
diff --git a/configs/.trivyignore b/configs/.trivyignore
@@ -0,0 +1 @@
+AVD-DS-0002 # Image user should not be root