Dependency-Track / Trivy server integration --ignorefile .trivyignore #4605
Shadow-Templar
started this conversation in
General
Replies: 0 comments
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
-
I currently have Trivy server deployed and integrated with Dependency-Track. I have turned off all other analyzers and it works as expected. However, when configuring and trying to use the --ignorefile .trivyignore options in my helm charts, I cannot seem to get Trivy to deploy while ignoring vulnerabilities (suppress) within dependency track.
I have execd into my trivy container deployed alongside dependencytrack, verified that the .trivyignore file exists in the /home/scanner directory, however, even if I inject environment variables or add --ignorefile as an arg in the statefulset.yaml fro trivy it will not do anything.
After looking at logs it is apparent that trivy server does not support the --ignorefile flag, however, I'm trying to understand how dependency-track sends scan requests to the trivy server analyzer that is integrated.
Any help or added context would be appreciated.
Beta Was this translation helpful? Give feedback.
All reactions