Documentation ¶
Index ¶
- Constants
- func Filter(ctx context.Context, report types.Report, opt FilterOption) error
- func FilterResult(ctx context.Context, result *types.Result, ignoreConf IgnoreConfig, ...) error
- type FilterOption
- type IgnoreConfig
- func (c *IgnoreConfig) MatchLicense(licenseID, filePath string) *IgnoreFinding
- func (c *IgnoreConfig) MatchMisconfiguration(misconfID, avdID, filePath string) *IgnoreFinding
- func (c *IgnoreConfig) MatchSecret(secretID, filePath string) *IgnoreFinding
- func (c *IgnoreConfig) MatchVulnerability(vulnID, filePath, pkgPath string, pkg *packageurl.PackageURL) *IgnoreFinding
- type IgnoreFinding
- type IgnoreFindings
Constants ¶
View Source
const (
// DefaultIgnoreFile is the file name to be evaluated
DefaultIgnoreFile = ".trivyignore"
)
Variables ¶
This section is empty.
Functions ¶
func FilterResult ¶ added in v0.41.0
func FilterResult(ctx context.Context, result *types.Result, ignoreConf IgnoreConfig, opt FilterOption) error
FilterResult filters out the result
Types ¶
type FilterOption ¶ added in v0.41.0
type IgnoreConfig ¶ added in v0.45.0
type IgnoreConfig struct { FilePath string Vulnerabilities IgnoreFindings `yaml:"vulnerabilities"` Misconfigurations IgnoreFindings `yaml:"misconfigurations"` Secrets IgnoreFindings `yaml:"secrets"` Licenses IgnoreFindings `yaml:"licenses"` }
IgnoreConfig represents the structure of .trivyignore.yaml.
func (*IgnoreConfig) MatchLicense ¶ added in v0.50.0
func (c *IgnoreConfig) MatchLicense(licenseID, filePath string) *IgnoreFinding
func (*IgnoreConfig) MatchMisconfiguration ¶ added in v0.50.0
func (c *IgnoreConfig) MatchMisconfiguration(misconfID, avdID, filePath string) *IgnoreFinding
func (*IgnoreConfig) MatchSecret ¶ added in v0.50.0
func (c *IgnoreConfig) MatchSecret(secretID, filePath string) *IgnoreFinding
func (*IgnoreConfig) MatchVulnerability ¶ added in v0.50.0
func (c *IgnoreConfig) MatchVulnerability(vulnID, filePath, pkgPath string, pkg *packageurl.PackageURL) *IgnoreFinding
type IgnoreFinding ¶ added in v0.45.0
type IgnoreFinding struct { // ID is the identifier of the vulnerability, misconfiguration, secret, or license. // e.g. CVE-2019-8331, AVD-AWS-0175, etc. // required: true ID string `yaml:"id"` // Paths is the list of file paths to ignore. // If Paths is not set, the ignore finding is applied to all files. // required: false Paths []string `yaml:"paths"` // PURLs is the list of packages to ignore. // If PURLs is not set, the ignore finding is applied to packages. // The field is currently available only for vulnerabilities. // required: false PURLs []*purl.PackageURL `yaml:"-"` // Filled in UnmarshalYAML // ExpiredAt is the expiration date of the ignore finding. // If ExpiredAt is not set, the ignore finding is always valid. // required: false ExpiredAt time.Time `yaml:"expired_at"` // Statement describes the reason for ignoring the finding. // required: false Statement string `yaml:"statement"` }
IgnoreFinding represents an item to be ignored.
func (*IgnoreFinding) UnmarshalYAML ¶ added in v0.50.0
func (i *IgnoreFinding) UnmarshalYAML(value *yaml.Node) error
UnmarshalYAML is a custom unmarshaler for IgnoreFinding that handles the conversion of PURLs from strings to purl.PackageURL objects.
type IgnoreFindings ¶ added in v0.45.0
type IgnoreFindings []IgnoreFinding
func (*IgnoreFindings) Match ¶ added in v0.45.0
func (f *IgnoreFindings) Match(id, path string, pkg *packageurl.PackageURL) *IgnoreFinding
func (*IgnoreFindings) Prune ¶ added in v0.50.0
func (f *IgnoreFindings) Prune(ctx context.Context)
Click to show internal directories.
Click to hide internal directories.