result

package
v0.58.0 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Dec 3, 2024 License: Apache-2.0 Imports: 23 Imported by: 4

Documentation

Index

Constants

View Source
const (
	// DefaultIgnoreFile is the file name to be evaluated
	DefaultIgnoreFile = ".trivyignore"
)

Variables

This section is empty.

Functions

func Filter added in v0.29.0

func Filter(ctx context.Context, report types.Report, opts FilterOptions) error

Filter filters out the report

func FilterResult added in v0.41.0

func FilterResult(ctx context.Context, result *types.Result, ignoreConf IgnoreConfig, opt FilterOptions) error

FilterResult filters out the result

Types

type FilterOptions added in v0.54.0

type FilterOptions struct {
	Severities         []dbTypes.Severity
	IgnoreStatuses     []dbTypes.Status
	IncludeNonFailures bool
	IgnoreFile         string
	PolicyFile         string
	IgnoreLicenses     []string
	CacheDir           string
	VEXSources         []vex.Source
}

type IgnoreConfig added in v0.45.0

type IgnoreConfig struct {
	FilePath          string
	Vulnerabilities   IgnoreFindings `yaml:"vulnerabilities"`
	Misconfigurations IgnoreFindings `yaml:"misconfigurations"`
	Secrets           IgnoreFindings `yaml:"secrets"`
	Licenses          IgnoreFindings `yaml:"licenses"`
}

IgnoreConfig represents the structure of .trivyignore.yaml.

func ParseIgnoreFile added in v0.51.0

func ParseIgnoreFile(ctx context.Context, ignoreFile string) (IgnoreConfig, error)

func (*IgnoreConfig) MatchLicense added in v0.50.0

func (c *IgnoreConfig) MatchLicense(licenseID, filePath string) *IgnoreFinding

func (*IgnoreConfig) MatchMisconfiguration added in v0.50.0

func (c *IgnoreConfig) MatchMisconfiguration(misconfID, avdID, filePath string) *IgnoreFinding

func (*IgnoreConfig) MatchSecret added in v0.50.0

func (c *IgnoreConfig) MatchSecret(secretID, filePath string) *IgnoreFinding

func (*IgnoreConfig) MatchVulnerability added in v0.50.0

func (c *IgnoreConfig) MatchVulnerability(vulnID, filePath, pkgPath string, pkg *packageurl.PackageURL) *IgnoreFinding

type IgnoreFinding added in v0.45.0

type IgnoreFinding struct {
	// ID is the identifier of the vulnerability, misconfiguration, secret, or license.
	// e.g. CVE-2019-8331, AVD-AWS-0175, etc.
	// required: true
	ID string `yaml:"id"`

	// Paths is the list of file paths to ignore.
	// If Paths is not set, the ignore finding is applied to all files.
	// required: false
	Paths []string `yaml:"paths"`

	// PURLs is the list of packages to ignore.
	// If PURLs is not set, the ignore finding is applied to packages.
	// The field is currently available only for vulnerabilities.
	// required: false
	PURLs []*purl.PackageURL `yaml:"-"` // Filled in UnmarshalYAML

	// ExpiredAt is the expiration date of the ignore finding.
	// If ExpiredAt is not set, the ignore finding is always valid.
	// required: false
	ExpiredAt time.Time `yaml:"expired_at"`

	// Statement describes the reason for ignoring the finding.
	// required: false
	Statement string `yaml:"statement"`
}

IgnoreFinding represents an item to be ignored.

func (*IgnoreFinding) UnmarshalYAML added in v0.50.0

func (i *IgnoreFinding) UnmarshalYAML(value *yaml.Node) error

UnmarshalYAML is a custom unmarshaler for IgnoreFinding that handles the conversion of PURLs from strings to purl.PackageURL objects.

type IgnoreFindings added in v0.45.0

type IgnoreFindings []IgnoreFinding

func (*IgnoreFindings) Match added in v0.45.0

func (f *IgnoreFindings) Match(id, path string, pkg *packageurl.PackageURL) *IgnoreFinding

func (*IgnoreFindings) Prune added in v0.50.0

func (f *IgnoreFindings) Prune(ctx context.Context)

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL