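# Trivy configuration file
# Controls which paths Trivy scans in this repository and which findings
# it reports. Nesting below is restored with 2-space indentation so that each
# option sits under its section instead of colliding at the top level.

# Scan configuration
scan:
  # Skip test files, documentation, CI definitions and helper scripts.
  # NOTE(review): skipped paths are expected to be excluded for every
  # enabled scanner, not only vulnerability scanning. ".github/**" and
  # "scripts/**" are places where credentials and risky CI settings tend to
  # end up, so confirm the separate secret-handling process covers them.
  skip-files:
    - "test_*.py"
    - "*_test.py"
    - "docs/**"
    - "**/*.md"
    - ".github/**"
    - "scripts/**"

  # Skip directories that are not expected to contain production code.
  # NOTE(review): confirm "database" holds no migrations, dumps or connection
  # settings that should still be scanned.
  skip-dirs:
    - ".git"
    - "node_modules"
    - "venv"
    - ".venv"
    - "__pycache__"
    - "workflows_backup*"
    - "database"

# Vulnerability configuration
vulnerability:
  # Only report HIGH and CRITICAL vulnerabilities.
  # NOTE(review): Trivy's config reference documents `severity` as a
  # top-level key; confirm the installed version honours it when nested here.
  severity:
    - CRITICAL
    - HIGH

  # Hide vulnerabilities that have no fixed version yet. They remain present
  # in the dependency; they are only left out of the report.
  ignore-unfixed: true

# Secret scanning configuration
secret:
  # `disable: false` does not turn secret scanning off, although the original
  # comment said it is disabled because secrets are handled separately.
  # NOTE(review): decide which is intended. Also confirm `secret.disable` is a
  # key the installed Trivy recognises; scanner selection is normally done
  # through `scan.scanners`.
  disable: false

# License scanning
license:
  # Intended to skip license scanning.
  # NOTE(review): same caveat as `secret.disable`; verify the key is honoured.
  disable: true

# Misconfiguration scanning
misconfiguration:
  # Going by its name, this only skips updating the policy bundle; it does not
  # by itself disable misconfiguration scanning, as the original comment
  # implied. With updates skipped, checks can go stale.
  # NOTE(review): confirm the intent and the key name for the Trivy version
  # in use.
  skip-policy-update: true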