feat(misconf): Ignore duplicate checks if found #6929
Comments
Oh, I missed that. Yes, the result will be duplicated. Am I correct that the results of Rego checks should be prioritised?
@simar7 Since we have already added functionality to skip deprecated checks, and during the check migration process we mark Go checks as deprecated, users will not face the problem of duplicate checks that Trivy supplies. It turns out only those checks supplied by the user himself can be duplicated. Does it make sense to exclude them or can we just warn the user?
But if the user doesn't update to a newer version of Trivy yet downloads a new version of the bundle, they will still get duplicated checks, right? This issue should add support going forwards so that any duplication of checks doesn't result in duplication of findings.
In this case, if the user does not update Trivy, they will not get the functionality to ignore duplicate checks.
Yes, but we can handle such a case going forwards from when this change is introduced. Regardless, as you mentioned, older versions of Trivy will still face the same.
Today we don't ignore duplicate checks if found (e.g. a check could exist as a Go and Rego implementation during the transition to move all checks to Rego). In such a case the check will be counted twice, leading to erroneous results.