feat(config): added reason field #1532

Merged
merged 3 commits into from
Oct 30, 2023


shanduur
Contributor

@shanduur shanduur commented Sep 30, 2023

Tested via the following command:

./artifacts/grype \
    -c ./test-config.yaml \
    -t ./test-template.tmpl \
    -o template \
    registry.access.redhat.com/ubi8/ubi@sha256:45d0e45bb7e60cb8d9349e579a849579841116f1e4507bb2b977ac83c503e110

Where the config is:

ignore:
  - vulnerability: CVE-2023-4641
    reason: This vulnerability is not relevant in our application, because the vulnerability is only a problem under certain circumstances, that are not present in our application.

And the template is:

<p>
    The following vulnerabilities are considered irrelevant:
    <ul>
        {{- range .IgnoredMatches}}
        <li>{{.Vulnerability.ID}} ({{ range $air := .AppliedIgnoreRules }}{{ $air.Reason }}{{ end }})</li>
        {{- end}}
    </ul>
</p>

Obtained output:

$ ./artifacts/grype -c ./test-config.yaml -t ./test-template.tmpl -o template registry.access.redhat.com/ubi8/ubi@sha256:45d0e45bb7e60cb8d9349e579a849579841116f1e4507bb2b977ac83c503e110
 ✔ Vulnerability DB                [no update available]  
 ✔ Parsed image                                                                   sha256:9de842ac8fcc2abf935f65425de90acde7a8a4841cfe9a5c06f0280d9c880681
 ✔ Cataloged packages              [206 packages]  
 ✔ Scanned for vulnerabilities     [212 vulnerability matches]  
   ├── by severity: 3 critical, 2 high, 72 medium, 131 low, 0 negligible (4 unknown)
   └── by status:   0 fixed, 212 not-fixed, 0 ignored 
<p>
    The following vulnerabilities are considered irrelevant:
    <ul>
        <li>CVE-2023-4641 (This vulnerability is not relevant in our application, because the vulnerability is only a problem under certain circumstances, that are not present in our application.)</li>
    </ul>
</p>

The template is not exactly as simple as @gutschet described, but it allows querying the reason for ignoring a particular match.

Closes #1337

Signed-off-by: Mateusz Urbanek <mateusz.urbanek.98@gmail.com>
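An audit built on the fields the template above reads, as an added example that is not part of this PR or of grype's own code: the struct types are constructed stand-ins that mirror only the field names used in the template (`IgnoredMatches`, `Vulnerability.ID`, `AppliedIgnoreRules`, `Reason`), and `Audit`, `reasons` and `SampleDoc` are hypothetical helpers. It renders through Go's `html/template` so reason text taken from the config is escaped in the HTML report, joins the reasons when several ignore rules apply to one match, and returns the IDs of ignored matches whose rules carry no reason at all.

```go
package main

import (
	"bytes"
	"fmt"
	"html/template"
	"strings"
)

// Constructed stand-ins: only the field names the template on this page reads.
type IgnoreRule struct{ Reason string }
type Vulnerability struct{ ID string }
type IgnoredMatch struct {
	Vulnerability      Vulnerability
	AppliedIgnoreRules []IgnoreRule
}
type Document struct{ IgnoredMatches []IgnoredMatch }

// reasons joins the non-blank reasons of every rule applied to one match.
func reasons(rules []IgnoreRule) string {
	var out []string
	for _, r := range rules {
		if s := strings.TrimSpace(r.Reason); s != "" {
			out = append(out, s)
		}
	}
	return strings.Join(out, "; ")
}

var tmpl = template.Must(template.New("ignored").Funcs(template.FuncMap{"reasons": reasons}).Parse(
	`<ul>{{range .IgnoredMatches}}<li>{{.Vulnerability.ID}} ({{with reasons .AppliedIgnoreRules}}{{.}}{{else}}NO REASON GIVEN{{end}})</li>{{end}}</ul>`))
// Audit renders the list (reasons HTML-escaped) and returns IDs lacking any reason.
func Audit(doc Document) (page string, missing []string, err error) {
	for _, m := range doc.IgnoredMatches {
		if reasons(m.AppliedIgnoreRules) == "" {
			missing = append(missing, m.Vulnerability.ID)
		}
	}
	var buf bytes.Buffer
	err = tmpl.Execute(&buf, doc)
	return buf.String(), missing, err
}

// SampleDoc is constructed input; CVE-PLACEHOLDER-1 is not a real identifier.
func SampleDoc() Document {
	return Document{IgnoredMatches: []IgnoredMatch{
		{Vulnerability{"CVE-2023-4641"}, []IgnoreRule{{"accepted by team A"}, {"unreachable <in our build>"}}},
		{Vulnerability{"CVE-PLACEHOLDER-1"}, []IgnoreRule{{""}, {"  "}}},
	}}
}

func main() { fmt.Println(Audit(SampleDoc())) }
```

A non-empty `missing` slice can be used to fail a CI step, so that every suppressed finding keeps a written justification.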
@shanduur shanduur marked this pull request as ready for review September 30, 2023 19:49
@shanduur
Contributor Author

@willmurphyscode pinging to check if that's what was expected as a result from that issue.

@willmurphyscode
Contributor

@shanduur Thanks very much for the PR! Taking a look today.

@willmurphyscode willmurphyscode self-assigned this Oct 30, 2023
@willmurphyscode willmurphyscode merged commit 0d870fa into anchore:main Oct 30, 2023
9 checks passed
@shanduur shanduur deleted the feat-reason-ginore-config branch November 9, 2023 12:05
Successfully merging this pull request may close these issues.

Add a reason field to ignore config