Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat(misconf): Improving ignore experience #5395

Closed
simar7 opened this issue Oct 17, 2023 · 0 comments · Fixed by #5550
Closed

feat(misconf): Improving ignore experience #5395

simar7 opened this issue Oct 17, 2023 · 0 comments · Fixed by #5550
Assignees
@simar7
Labels
kind/feature Categorizes issue or PR as related to a new feature. scan/misconfiguration Issues relating to misconfiguration scanning
Milestone
v0.48.0

Comments

@simar7
Copy link
Member

simar7 commented Oct 17, 2023
edited
Loading

As discussed here: #2961 (comment)

Case sensitivity

  1. The ignore check is case-sensitive. I think it should either be case-insensitive or report errors for anything it's told to ignore which doesn't match a known rule. This is especially easy to hit because the output doesn't include the ID, but it does include a URL which looks like it has the ID except that it's transformed to lower-case and won't have any effect in an ignore block unless you know to restore the expected case.

We should make the ignore checks case insensitive. Both AVD-TEST-1234 and avd-test-1234 should resolve in the same rule.

Adding information about ignores

  1. Related to the previous point, it would also be useful if Trivy threw an error for any targeted ignore which didn't match an actual warning since that might indicate that you made a typo or a rule was renamed without a backwards mapping.

We can also explicitly add more information on which checks are being ignored.
@simar7 simar7 added kind/feature Categorizes issue or PR as related to a new feature. scan/misconfiguration Issues relating to misconfiguration scanning labels Oct 17, 2023
@simar7 simar7 mentioned this issue Oct 17, 2023
Closed
@simar7 simar7 self-assigned this Nov 8, 2023
@simar7 simar7 added this to the v0.48.0 milestone Nov 8, 2023
@simar7 simar7 mentioned this issue Nov 9, 2023
Merged
simar7 added a commit that referenced this issue Nov 10, 2023
@simar7
feat(misconf): Expose debug logs with --debug option
8922aa8 
Addresses: #5395

Signed-off-by: Simar <[email protected]>
@simar7 simar7 mentioned this issue Nov 10, 2023
Merged
7 tasks
@simar7 simar7 mentioned this issue Nov 24, 2023
Merged
6 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@simar7 simar7

Labels
kind/feature Categorizes issue or PR as related to a new feature. scan/misconfiguration Issues relating to misconfiguration scanning
Projects
Trivy Roadmap
Archived in project
Milestone
v0.48.0
Development

Successfully merging a pull request may close this issue.

feat(misconf): Expose misconf engine debug logs with --debug option aquasecurity/trivy
1 participant
@simar7