Ho do I ignore a specific vulnerability by ID only in a particular file.

[codemedic]

If I have multiple Dockerfiles, say one just for build and the other for docker images that are meant for deployment, trivy sometimes report issues with the former which I would like to ignore. Since they are build time only, they are safe enough to ignore.

How do I ignore them by ID per file?

[itaysk]

Hi,
You can either use the skip files flag: https://aquasecurity.github.io/trivy/v0.37/docs/vulnerability/examples/others/#skip-files
Or write a custom ignore policy: https://aquasecurity.github.io/trivy/v0.37/docs/misconfiguration/policy/exceptions/

[codemedic]

Thanks, @itaysk

Are there any guides / examples to ignore a specific ID in a specific file?

I was hoping it would be something simpler, like a comment above the offending line in the specific file. I agree, it is not always possible, like a strict JSON file for example.

[itaysk]

comment above the offending line in the specific file

sounds like #2961, please comment there if you have feedback about this feature

Are there any guides / examples to ignore a specific ID in a specific file?

I think today your best bet would be using rego exceptions which have some examples here. This feature's documentation needs improvement

While we improve the experience around this, you can follow this discussion for some context: #3620.