From 1bf2c8f0fc89808a1c2998ff7ee1fd1a50326f8d Mon Sep 17 00:00:00 2001
From: Kateryna Firoozi <118343731+KateFiroozi@users.noreply.github.com>
Date: Mon, 8 Apr 2024 15:06:43 +0200
Subject: [PATCH] Updates ignorePolicy comments in values.yaml (#1988)

Co-authored-by: Kateryna Firoozi
---
 deploy/helm/values.yaml | 22 +++++++++++++++++++---
 1 file changed, 19 insertions(+), 3 deletions(-)

diff --git a/deploy/helm/values.yaml b/deploy/helm/values.yaml
index c1ffd58a0..115a23f91 100644
--- a/deploy/helm/values.yaml
+++ b/deploy/helm/values.yaml
@@ -409,13 +409,29 @@ trivy:
 # -- ignorePolicy can be used to tell Trivy to ignore vulnerabilities by a policy
 # If multiple policies would match, then the most specific one has precedence over the others.
 # See https://aquasecurity.github.io/trivy/latest/docs/configuration/filtering/#by-open-policy-agent for more details.
+ # See https://github.com/aquasecurity/trivy/blob/v0.19.2/contrib/example_policy/basic.rego for more details on ignorePolicy filtering.
 #
 # ignorePolicy.application.my-app-.: |
- # # applies to all workloads in namespace "application" with the name pattern "my-app-*"
+ # package trivy
+
+ # import data.lib.trivy
+
+ # default ignore = true
+ # applies to all workloads in namespace "application" with the name pattern "my-app-*"
 # ignorePolicy.kube-system: |
- # # applies to all workloads in namespace "kube-system"
+ # package trivy
+
+ # import data.lib.trivy
+
+ # default ignore = true
+ # applies to all workloads in namespace "kube-system"
 # ignorePolicy: |
- # # applies to all other workloads
+ # package trivy
+
+ # import data.lib.trivy
+
+ # default ignore = true
+ # applies to all other workloads
 # -- vulnType can be used to tell Trivy to filter vulnerabilities by a pkg-type (library, os)
 vulnType: ~
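Review bot: All three example policies added under `ignorePolicy` set `default ignore = true`, which, as far as Trivy's Rego filtering works, marks every finding as ignored unless a rule overrides it, so an operator who uncomments an example as written would silently suppress all vulnerabilities for that namespace or for the whole cluster. The examples should read `#   default ignore = false` and leave it to explicit `ignore` rules to opt findings out. The description line also lost its inner `#` (it used to be `#   # applies to all workloads ...`), so once uncommented it is no longer a Rego comment and the policy would presumably fail to parse. The added empty lines carry no `#`, which splits the comment block that documents this value. The new link pins basic.rego at v0.19.2, which may not match the Trivy version the chart deploys.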