result

package
v0.50.1 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Mar 27, 2024 License: Apache-2.0 Imports: 26 Imported by: 3

Documentation

Index

Constants

View Source 
const (
	// DefaultIgnoreFile is the file name to be evaluated
	DefaultIgnoreFile = ".trivyignore"
)

Variables

This section is empty.

Functions

func Filter added in v0.29.0 

func Filter(ctx context.Context, report types.Report, opt FilterOption) error

Filter filters out the report

func FilterResult added in v0.41.0 

func FilterResult(ctx context.Context, result *types.Result, ignoreConf IgnoreConfig, opt FilterOption) error

FilterResult filters out the result

Types

type FilterOption added in v0.41.0 

type FilterOption struct {
	Severities         []dbTypes.Severity
	IgnoreStatuses     []dbTypes.Status
	IncludeNonFailures bool
	IgnoreFile         string
	PolicyFile         string
	IgnoreLicenses     []string
	VEXPath            string
}

type IgnoreConfig added in v0.45.0 

type IgnoreConfig struct {
	FilePath          string
	Vulnerabilities   IgnoreFindings `yaml:"vulnerabilities"`
	Misconfigurations IgnoreFindings `yaml:"misconfigurations"`
	Secrets           IgnoreFindings `yaml:"secrets"`
	Licenses          IgnoreFindings `yaml:"licenses"`
}

IgnoreConfig represents the structure of .trivyignore.yaml.

func (*IgnoreConfig) MatchLicense added in v0.50.0 

func (c *IgnoreConfig) MatchLicense(licenseID, filePath string) *IgnoreFinding

func (*IgnoreConfig) MatchMisconfiguration added in v0.50.0 

func (c *IgnoreConfig) MatchMisconfiguration(misconfID, avdID, filePath string) *IgnoreFinding

func (*IgnoreConfig) MatchSecret added in v0.50.0 

func (c *IgnoreConfig) MatchSecret(secretID, filePath string) *IgnoreFinding

func (*IgnoreConfig) MatchVulnerability added in v0.50.0 

func (c *IgnoreConfig) MatchVulnerability(vulnID, filePath, pkgPath string, pkg *packageurl.PackageURL) *IgnoreFinding

type IgnoreFinding added in v0.45.0 

type IgnoreFinding struct {
	// ID is the identifier of the vulnerability, misconfiguration, secret, or license.
	// e.g. CVE-2019-8331, AVD-AWS-0175, etc.
	// required: true
	ID string `yaml:"id"`

	// Paths is the list of file paths to ignore.
	// If Paths is not set, the ignore finding is applied to all files.
	// required: false
	Paths []string `yaml:"paths"`

	// PURLs is the list of packages to ignore.
	// If PURLs is not set, the ignore finding is applied to packages.
	// The field is currently available only for vulnerabilities.
	// required: false
	PURLs []*purl.PackageURL `yaml:"-"` // Filled in UnmarshalYAML

	// ExpiredAt is the expiration date of the ignore finding.
	// If ExpiredAt is not set, the ignore finding is always valid.
	// required: false
	ExpiredAt time.Time `yaml:"expired_at"`

	// Statement describes the reason for ignoring the finding.
	// required: false
	Statement string `yaml:"statement"`
}

IgnoreFinding represents an item to be ignored.

func (*IgnoreFinding) UnmarshalYAML added in v0.50.0 

func (i *IgnoreFinding) UnmarshalYAML(value *yaml.Node) error

UnmarshalYAML is a custom unmarshaler for IgnoreFinding that handles the conversion of PURLs from strings to purl.PackageURL objects.

type IgnoreFindings added in v0.45.0 

type IgnoreFindings []IgnoreFinding

func (*IgnoreFindings) Match added in v0.45.0 

func (f *IgnoreFindings) Match(id, path string, pkg *packageurl.PackageURL) *IgnoreFinding

func (*IgnoreFindings) Prune added in v0.50.0 

func (f *IgnoreFindings) Prune(ctx context.Context)

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.