-
-
Notifications
You must be signed in to change notification settings - Fork 635
Expand file tree
/
Copy path.trivyignore.yaml
More file actions
29 lines (29 loc) · 1.4 KB
/
.trivyignore.yaml
File metadata and controls
29 lines (29 loc) · 1.4 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
misconfigurations:
- id: DS-0002 # Specify at least 1 USER command in Dockerfile with non-root user as argument.
paths:
- docker/e2e/Dockerfile
- docker/semgrep/Dockerfile
- docker/trivy/Dockerfile
- docker/zap/Dockerfile
- id: AVD-AWS-0053 # Public ALB intentional for nest.owasp.dev
paths:
- infrastructure/modules/alb/main.tf
- id: AVD-AWS-0087 # Public bucket policy (static: allow_public_read; shared data: public read object)
paths:
- infrastructure/modules/storage/modules/s3-bucket/main.tf
- infrastructure/modules/storage/modules/shared-data-bucket/main.tf
- id: AVD-AWS-0093 # Public buckets (static: allow_public_read; shared data: public read object)
paths:
- infrastructure/modules/storage/modules/s3-bucket/main.tf
- infrastructure/modules/storage/modules/shared-data-bucket/main.tf
- id: AVD-AWS-0102 # Public NACL egress allows all ports; required for NAT gateway traffic forwarding
paths:
- infrastructure/modules/networking/modules/nacl/main.tf
- id: AVD-AWS-0104 # HTTPS egress to 0.0.0.0/0 for external API calls (backend, tasks, frontend)
paths:
- infrastructure/modules/security/main.tf
- id: AVD-AWS-0132 # SSE-S3 (AES256) instead of CMK
paths:
- infrastructure/modules/alb/main.tf
- infrastructure/modules/storage/modules/shared-data-bucket/main.tf
- infrastructure/state/main.tf