trivy-secret.yaml

allow-rules:

  # Instructions: add rules here to skip false positive secrets detected by
  # trivy. For more information, see https://aquasecurity.github.io/trivy/latest/docs/scanner/secret/#configuration
  #
  # Example:
  # - id: my-rule
  #   description: skip my secret in my metadata
  #   path: .*/my-package-1\.2\.3\.dist-info/METADATA


  # Disable false positive secrets detected in the PyJWT package metadata
  # (see https://github.com/aquasecurity/trivy/discussions/5772).
  - id: jwt-token
    description: skip JWT secret in PyJWT package metadata
    path: .*/PyJWT-2\..\..\.dist-info/METADATA

  # Disable false positive secrets detected in the aws_profile_manager
  # package metadata
  - id: aws-profile-manager-access-key
    description: skip AWS access key in aws_profile_manager package metadata
    path: .*/aws_profile_manager-0\.7\.3\.dist-info/METADATA