ignore AVD-DS-0026 in trivy scan

lavarou · lavarou · commit 12ce2ab7531e · 2024-12-05T10:08:21.000-05:00
Ignore AVD-DS-0026 (missing HEALTHCHECK in Dockerfile) reported in
`files/Dockerfile`, which is used to build `devenv` service container
image. `devenv` service container is used to run an interactive shell
and having `HEALTHCHECK` in such a service doesn't make sense.
diff --git a/.github/workflows/security-scan.yml b/.github/workflows/security-scan.yml
@@ -24,6 +24,7 @@ jobs:
           scan-type: fs
           scan-ref: ./php-agent
           trivy-config: ./php-agent/trivy.yaml
+          trivyignores: ./php-agent/.trivyignore
           format: table
           exit-code: 1
 
@@ -35,6 +36,7 @@ jobs:
           scan-type: fs
           scan-ref: ./php-agent
           trivy-config: ./php-agent/trivy.yaml
+          trivyignores: ./php-agent/.trivyignore
           format: sarif
           output: trivy-results.sarif
 
diff --git a/.trivyignore b/.trivyignore
@@ -0,0 +1,2 @@
+# Ignore missing HEALTHCHECK in Dockerfile - devenv service from files/Dockerfile doesn't need it:
+AVD-DS-0026

Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,2 @@`
	`1`	`+# Ignore missing HEALTHCHECK in Dockerfile - devenv service from files/Dockerfile doesn't need it:`
	`2`	`+AVD-DS-0026`