Skip to content

Commit

Permalink
docs(misconf): multiple ignores in comment (aquasecurity#5926)
Browse files Browse the repository at this point in the history
  • Loading branch information
commarla authored Jan 12, 2024
1 parent ae134a9 commit a2b6549
Showing 1 changed file with 11 additions and 1 deletion.
12 changes: 11 additions & 1 deletion docs/docs/configuration/filtering.md
Original file line number Diff line number Diff line change
Expand Up @@ -496,7 +496,7 @@ Some configuration file formats (e.g. Terraform) support inline comments.
In cases where trivy can detect comments of a specific format immediately adjacent to resource definitions, it is possible to filter/ignore findings from a single point of resource definition (in contrast to `.trivyignore`, which has a directory-wide scope on all of the files scanned).
The format for these comments is `trivy:ignore:<Vulnerability ID>` immediately following the format-specific line-comment token.
The format for these comments is `trivy:ignore:<Vulnerability ID>` immediately following the format-specific line-comment token. You can add multiple ignores on the same comment line.
For example, to filter a Vulnerability ID "AVD-GCP-0051" in a Terraform HCL file:
Expand All @@ -508,4 +508,14 @@ resource "google_container_cluster" "one_off_test" {
}
```
For example, to filter vulnerabilities "AVD-GCP-0051" and "AVD-GCP-0053" in a Terraform HCL file:
```terraform
#trivy:ignore:AVD-GCP-0051 trivy:ignore:AVD-GCP-0053
resource "google_container_cluster" "one_off_test" {
name = var.cluster_name
location = var.region
}
```
[^1]: license name is used as id for `.trivyignore.yaml` files

0 comments on commit a2b6549

Please sign in to comment.