You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: README.md
+5-1Lines changed: 5 additions & 1 deletion
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -223,7 +223,11 @@ You can only use images built from a pull request for testing changes in github
223
223
## Generating a .trivyignore file
224
224
You can generate a .trivyignore file for known vulnerabilities by either downloading the json scan output generated by the build, or by generating it locally using the scanning images commands above with a make target of scan-image-json
225
225
226
-
If generated locally, then the output goes into .out/scan_results_docker.json
226
+
If generated locally, then the output goes into .out/scan_results_docker.json.
227
+
You can use github cli tools to download the scan output file. Replace the run id from the url, and the -n with the filename to download
228
+
```
229
+
gh run download <run id> -n scan_results_docker_fhir_facade_api_arm64.json
230
+
```
227
231
228
232
Once you have the scan output, use the following to generate a new .trivyignore file called .trivyignore.new.yaml. Note this will overwrite the output file when run so it should point to a new file and the contents merged with existing .trivyignore file
0 commit comments