Various Trivy whitelist fixes

assumptionsandg · assumptionsandg · commit f65f55bc5c93 · 2024-06-19T10:10:41.000+01:00
Substitute underscore in imagename for consistent formatting in
whitelists file and remove unnecessary return code checking
diff --git a/etc/kayobe/trivy/allowed-vulnerabilities.yml b/etc/kayobe/trivy/allowed-vulnerabilities.yml
@@ -7,7 +7,7 @@
 # keystone_allowed_vulnerabilities:
 #   - CVE-2022-2447
 #
-# barbican-api_allowed_vulnerabilities:
+# barbican_api_allowed_vulnerabilities:
 #   - CVE-2023-31047
 
 global_allowed_vulnerabilities:
diff --git a/tools/scan-images.sh b/tools/scan-images.sh
@@ -34,18 +34,15 @@ touch image-scan-output/clean-images.txt image-scan-output/dirty-images.txt
 # generate a csv summary
 for image in $images; do
   filename=$(basename $image | sed 's/:/\./g')
-  imagename=$(echo $filename | cut -d "." -f 1)
+  imagename=$(echo $filename | cut -d "." -f 1 | sed 's/-/_/g')
   global_vulnerabilities=$(yq .global_allowed_vulnerabilities[] src/kayobe-config/etc/kayobe/trivy/allowed-vulnerabilities.yml)
   image_vulnerabilities=$(yq .$imagename'_allowed_vulnerabilities[]' src/kayobe-config/etc/kayobe/trivy/allowed-vulnerabilities.yml)
-  rc=$?
   touch .trivyignore
   for vulnerability in $global_vulnerabilities; do
     echo $vulnerability >> .trivyignore
   done
   for vulnerability in $image_vulnerabilities; do
-    if [ $rc -eq 0 ]; then
-        echo $vulnerability >> .trivyignore
-    fi
+    echo $vulnerability >> .trivyignore
   done
   if $(trivy image \
           --quiet \

Original file line number	Diff line number	Diff line change
`@@ -7,7 +7,7 @@`
`7`	`7`	`# keystone_allowed_vulnerabilities:`
`8`	`8`	`# - CVE-2022-2447`
`9`	`9`	`#`
`10`		`-# barbican-api_allowed_vulnerabilities:`
	`10`	`+# barbican_api_allowed_vulnerabilities:`
`11`	`11`	`# - CVE-2023-31047`
`12`	`12`
`13`	`13`	`global_allowed_vulnerabilities:`