feat(vuln): support vulnerability status (#4867)

* feat: support vulnerability status * feat: show status in table * don't add `fixed` status in debian/redhat * update test golden files * add Status in rpc * update docs * update ignore-status example * add ignore-status in integration test * docs: add the explanation for statuses --------- Co-authored-by: DmitriyLewen <dmitriy.lewen@smartforce.io>
2025-12-22 07:10:41 -08:00 · 2023-07-26 14:55:03 +03:00
parent 11618c9408
commit 232ba823e1
84 changed files with 442 additions and 214 deletions
--- a/integration/docker_engine_test.go
+++ b/integration/docker_engine_test.go
@@ -26,6 +26,7 @@ func TestDockerEngine(t *testing.T) {
 		imageTag      string
 		invalidImage  bool
 		ignoreUnfixed bool
+		ignoreStatus  []string
 		severity      []string
 		ignoreIDs     []string
 		input         string
@@ -101,6 +102,13 @@ func TestDockerEngine(t *testing.T) {
 			input:         "testdata/fixtures/images/centos-7.tar.gz",
 			golden:        "testdata/centos-7-ignore-unfixed.json.golden",
 		},
+		{
+			name:         "centos 7, with --ignore-status option",
+			imageTag:     "ghcr.io/aquasecurity/trivy-test-images:centos-7",
+			ignoreStatus: []string{"will_not_fix"},
+			input:        "testdata/fixtures/images/centos-7.tar.gz",
+			golden:       "testdata/centos-7-ignore-unfixed.json.golden",
+		},
 		{
 			name:          "centos 7, with --ignore-unfixed option, with medium severity",
 			imageTag:      "ghcr.io/aquasecurity/trivy-test-images:centos-7",
@@ -128,6 +136,13 @@ func TestDockerEngine(t *testing.T) {
 			input:         "testdata/fixtures/images/debian-buster.tar.gz",
 			golden:        "testdata/debian-buster-ignore-unfixed.json.golden",
 		},
+		{
+			name:         "debian buster/10, with --ignore-status option",
+			ignoreStatus: []string{"affected"},
+			imageTag:     "ghcr.io/aquasecurity/trivy-test-images:debian-buster",
+			input:        "testdata/fixtures/images/debian-buster.tar.gz",
+			golden:       "testdata/debian-buster-ignore-unfixed.json.golden",
+		},
 		{
 			name:     "debian stretch/9",
 			imageTag: "ghcr.io/aquasecurity/trivy-test-images:debian-stretch",
@@ -240,6 +255,12 @@ func TestDockerEngine(t *testing.T) {
 			if tt.ignoreUnfixed {
 				osArgs = append(osArgs, "--ignore-unfixed")
 			}
+
+			if len(tt.ignoreStatus) != 0 {
+				osArgs = append(osArgs,
+					[]string{"--ignore-status", strings.Join(tt.ignoreStatus, ",")}...,
+				)
+			}
 			if len(tt.severity) != 0 {
 				osArgs = append(osArgs,
 					[]string{"--severity", strings.Join(tt.severity, ",")}...,