From 8af8dbe30c07c4b175f26f8364c0a53c9efb8d10 Mon Sep 17 00:00:00 2001 From: DmitriyLewen Date: Fri, 16 Feb 2024 13:42:54 +0600 Subject: [PATCH] docs(filtering): add remark about using path for package licenses for .trivyignore.yaml file --- docs/docs/configuration/filtering.md | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/docs/docs/configuration/filtering.md b/docs/docs/configuration/filtering.md index 428220c87dfc..e13f44b51cbf 100644 --- a/docs/docs/configuration/filtering.md +++ b/docs/docs/configuration/filtering.md @@ -338,7 +338,7 @@ Available fields: | Field | Required | Type | Description | |------------|:--------:|---------------------|------------------------------------------------------------------------------------------------------------| | id | ✓ | string | The identifier of the vulnerability, misconfiguration, secret, or license[^1]. | -| paths | | string array | The list of file paths to be ignored. If `paths` is not set, the ignore finding is applied to all files. | +| paths[^2] | | string array | The list of file paths to be ignored. If `paths` is not set, the ignore finding is applied to all files. | | expired_at | | date (`yyyy-mm-dd`) | The expiration date of the ignore finding. If `expired_at` is not set, the ignore finding is always valid. | | statement | | string | The reason for ignoring the finding. (This field is not used for filtering.) | @@ -489,4 +489,5 @@ You can find more example policies [here](https://github.com/aquasecurity/trivy/ Please refer to the [VEX documentation](../supply-chain/vex.md) for the details. -[^1]: license name is used as id for `.trivyignore.yaml` files +[^1]: license name is used as id for `.trivyignore.yaml` files. +[^2]: This doesn't work for package licenses. The `path` field can only be used for license files (licenses obtained using the [--license-full flag](../scanner/license.md#full-scanning)). \ No newline at end of file