feat: only set TRIVY_IGNORE of file present

2025-05-24 13:38:01 +00:00 · 2025-05-24 13:38:01 +00:00 · ca67be57ee
commit ca67be57ee
parent 67529a07cf
1 changed files with 4 additions and 1 deletions
--- a/podman.mk
+++ b/podman.mk
@ -29,6 +29,9 @@ ARCH ::= amd64
 ALL_ARCHS ::= amd64 arm64
 _ARCH = $(or $(filter $(ARCH),$(ALL_ARCHS)),$(error $$ARCH [$(ARCH)] must be exactly one of "$(ALL_ARCHS)"))

+ifneq ($(shell ls ./.trivyignore.yaml 2>/dev/null),)
+  TRIVY_IGNORE ::= --ignorefile ./.trivyignore.yaml
+endif
 ifneq ($(TRIVY_REMOTE),)
 	TRIVY_OPTS ::= --server $(TRIVY_REMOTE)
 endif
@ -49,7 +52,7 @@ test:: ## test built artificats

 scan: ## Scan image using trivy
 	echo "Scanning $(IMAGE):$(TAG)-$(_ARCH) using Trivy $(TRIVY_REMOTE)"
-	trivy image $(TRIVY_OPTS) --quiet --no-progress localhost/$(IMAGE):$(TAG)-$(_ARCH)
+	trivy image $(TRIVY_OPTS) --quiet --no-progress $(TRIVY_IGNORE) localhost/$(IMAGE):$(TAG)-$(_ARCH)

 # first tag and push all actual images
 # create new manifest for each tag and add all available TAG-ARCH before pushing