Replies: 1 comment
Thanks for your idea. Since Trivy supports a variety of ecosystems, we need to provide a consistent option. We added dev dependencies as it's common across ecosystems. We need to start investigating how many ecosystems support optional dependencies and what it is called in other ecosystems.
Description
Hello Trivy Team,
This is a request for a feature (add-on).
In the latest version of Trivy, we have a feature that helps us ignore dev-deps when scanning. Trivy offers the flag [include-dev-deps] to include or exclude dev-dependencies. However, there is no such flag or feature with which we can exclude 'optional dependencies' in a Trivy scan. So kindly see if such a feature to help include/exclude 'optional dependencies' can be provided, or whether we can have a flag for dep-types in which we can list the types of dependency that can be excluded in a Trivy scan. I have added a package.json file which has an optional dependency for reference.
package.json
Target
Filesystem
Scanner
Vulnerability