BUG: Extension doesn't pick up `.trivyignore` file

Question

BUG: Extension doesn't pick up `.trivyignore` file

Opened this issue 10 months ago · 3 comments

The extension doesn't seem to find a .trivyignore file in the root of the workspace. If I run the extension with DEBUG enabled I don't see a mention that it found the .trivyignore.

However if I run the command in the terminal for the same location, it behaves as expected.

Answer 1 · 2024-02-20T20:38:30.000Z

Just confirming that i also am experiencing the same behavior.
trivy 0.49.1
vs code 1.86.2

No mention of my .trivyignore file in the debug logs

Answer 2 · 2024-06-21T08:46:33.000Z

I am experiencing the same. I am using a workspace of several repos where each has a trivyignore file.

version 0.52.2

No mentions of trivyignore here either.

Answer 3 · 2024-07-11T22:07:21.000Z

We use things like Terraform modules which have embedded examples which Trivy will flag as security issues even though they're not used or referenced by our code in any way. Our CLI usage uses a trivy.yaml file (along with a .trivyignore file) which I was hoping to be able to configure the extension to use as well.