Filter by image registry #1997
Replies: 1 comment 3 replies
-
|
@ybasket today you can exclude images from scanning by namespace or skip scanning by resource labels |
Beta Was this translation helpful? Give feedback.
-
|
I'm aware of both options, but as described namespaces won't work and resource labelling could work, but would require careful labelling and effort. Would it be hard to add filter by registry/regex on image? I could imagine us contributing this feature if that's reasonably easy to do for outsiders. |
Beta Was this translation helpful? Give feedback.
-
|
I see, please raise an issue for it, and if you have time you can pick it up |
Beta Was this translation helpful? Give feedback.
-
|
Done: #2002 |
Beta Was this translation helpful? Give feedback.
-
Hello!
I'm currently evaluating
trivy-operatorto secure our clusters regarding vulnerabilities in 3rd party container images, for examplenginx. As we already regularly scan images we build ourselves, it would be great if we could exclude our internal AWS ECR registry from image scanning.Rego could probably be used to ignore all vulnerabilities from these images, but that would still execute the scan and hence waste resources. Also namespace filters don't solve our use case as our teams can deploy a mix of 3rd party and self-built images in their namespaces.
Is there any way to filter by registry or image regex? And if not, would it be hard to add?
Beta Was this translation helpful? Give feedback.
All reactions