docs: add example of creating whitelist of checks

Signed-off-by: nikpivkin <[email protected]>
aquasecurity · Oct 30, 2024 · 48a8868 · 48a8868
1 parent 6fab88d
commit 48a8868
Showing 1 changed file with 19 additions and 1 deletion.
diff --git a/docs/docs/configuration/filtering.md b/docs/docs/configuration/filtering.md
@@ -483,7 +483,25 @@ trivy image --ignore-policy contrib/example_policy/basic.rego centos:7
 For more advanced use cases, there is a built-in Rego library with helper functions that you can import into your policy using: `import data.lib.trivy`.
 More info about the helper functions are in the library [here](https://github.com/aquasecurity/trivy/tree/{{ git.tag }}/pkg/result/module.go).
 
-You can find more example checks [here](https://github.com/aquasecurity/trivy/tree/{{ git.tag }}/pkg/result/module.go)
+You can find more example checks [here](https://github.com/aquasecurity/trivy/tree/{{ git.tag }}/contrib/example_policy).
+
+You can also create a whitelist of checks using Rego. The policy below ignores all checks that are not allowed:
+
+```rego
+package trivy
+
+import rego.v1
+
+allowed_checks := {
+    "AVD-AWS-0089"
+}
+
+default ignore := false
+
+ignore if not is_check_allowed
+
+is_check_allowed if input.AVDID in allowed_checks
+```
 
 ### By Vulnerability Exploitability Exchange (VEX)
 |     Scanner      | Supported |