feat(misconf): Add support for wildcard ignores #5120

Closed
simar7 opened this issue Sep 4, 2023 · 4 comments · Fixed by #6414
Labels
kind/feature Categorizes issue or PR as related to a new feature. scan/misconfiguration Issues relating to misconfiguration scanning

Member

simar7 commented Sep 4, 2023

As described in the issues below, we can add support for wildcards for workspaces and other resources in general

https://github.com/aquasecurity/tfsec/issues/1937

**Is your feature request related to a problem? Please describe.**
I was able to set up ignore rules per workspace, but I should specify the full name of the workspace. I have different workspaces related to different apps and environments.

Describe the solution you'd like
It would be good to have the ability to set up a workspace ignore rule with a wildcard.
Example:
tfsec:ignore:AWS006:exp:2221-01-02 #tfsec:ignore:AWS018:ws:development-*

https://github.com/aquasecurity/tfsec/issues/1804

Is your feature request related to a problem? Please describe.
I want to add ignore rules depending on the workspace name. For example, if the workspace name contains a test then ignore rules for resources.

Describe the solution you'd like
Right now it is possible to ignore the workspace with this
#tfsec:ignore:AWS018:ws:development-test-app-1

Describe alternatives you've considered
I want to be able to ignore the workspace with something like this
#tfsec:ignore:AWS018:ws:*-test-*
@simar7 simar7 added kind/feature Categorizes issue or PR as related to a new feature. scan/misconfiguration Issues relating to misconfiguration scanning labels Sep 4, 2023
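
The wildcard workspace matching requested above, as an added example that is not part of the original issue and is not Trivy's or tfsec's implementation. It assumes shell-style glob semantics (Go's `path.Match`) for the `ws:` section and that an expired rule or a malformed glob leaves the finding reported; `IgnoreRule`, `ParseIgnore` and `Applies` are hypothetical names.

```go
package main

import (
	"fmt"
	"path"
	"strings"
	"time"
)

// IgnoreRule is a hypothetical parsed form of one inline ignore comment.
type IgnoreRule struct {
	ID, Workspace string    // check ID; ws: glob ("" = every workspace)
	Expiry        time.Time // exp: date (zero = never expires)
}

// ParseIgnore parses "#tfsec:ignore:<ID>[:exp:<YYYY-MM-DD>][:ws:<glob>]".
func ParseIgnore(comment string) (IgnoreRule, error) {
	p := strings.Split(strings.TrimPrefix(strings.TrimSpace(comment), "#"), ":")
	if len(p) < 3 || len(p)%2 == 0 || p[0] != "tfsec" || p[1] != "ignore" || p[2] == "" {
		return IgnoreRule{}, fmt.Errorf("malformed ignore comment %q", comment)
	}
	r := IgnoreRule{ID: p[2]}
	for i := 3; i < len(p); i += 2 {
		switch p[i] {
		case "ws":
			r.Workspace = p[i+1]
		case "exp":
			var err error
			if r.Expiry, err = time.Parse("2006-01-02", p[i+1]); err != nil {
				return IgnoreRule{}, err
			}
		default:
			return IgnoreRule{}, fmt.Errorf("unknown section %q", p[i])
		}
	}
	return r, nil
}

// Applies reports whether r suppresses check id in workspace ws at time now.
func (r IgnoreRule) Applies(id, ws string, now time.Time) bool {
	ok, err := path.Match(r.Workspace, ws) // a bad glob yields err and no match
	live := r.Expiry.IsZero() || !now.After(r.Expiry)
	return r.ID == id && live && (r.Workspace == "" || (err == nil && ok))
}

func main() { // the workspace name below is taken from the issue text
	r, _ := ParseIgnore("#tfsec:ignore:AWS018:ws:*-test-*")
	fmt.Println(r.Applies("AWS018", "development-test-app-1", time.Now()))
}
```

Running `Applies` over the full list of workspace names before committing a pattern such as `*-test-*` shows exactly which workspaces lose the check.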

stevehipwell commented Sep 7, 2023

This would allow us to work around #4922 where there are a large number of false positives being created.

I assume that this would also be applicable to the .trivyignore.yaml paths?


cdenneen commented Feb 5, 2024

Agree with @stevehipwell, would like this to work in the paths for .trivyignore.yaml as well.


cdenneen commented Feb 6, 2024

If not wildcard, can paths at least accept regex patterns?


cdenneen commented Apr 3, 2024

@simar7 Will this work with trivyignore? Can we have examples of how it would appear using that file? Looks like tests are all inline.
