Trivy provides multiple ways to ignore directories, files, and vulnerabilities during scanning. This guide covers all correct and updated methods, including command-line options, configuration files, and post-processing techniques.
1️⃣ Ignore Directories & Files Using Command-Line Options (Recommended for Quick Exclusions)
Trivy supports --skip-dirs and --skip-files flags to exclude directories and files while scanning.
Examples:
✅ Ignore specific directories
trivy image --skip-dirs "/var/lib/gems/2.5.0/gems/fluent-plugin-detect-exceptions-0.0.13" \
            --skip-dirs "/var/lib/gems/2.5.0/gems/http_parser.rb-0.6.0" \
            quay.io/fluentd_elasticsearch/fluentd:v2.9.0
✅ Ignore directories when scanning a local filesystem
trivy fs --skip-dirs "./testdata/*" .
✅ Ignore Terraform-related files and directories
trivy config --skip-dirs "**/.terraform" .
✅ Ignore specific files during image scanning
trivy image --skip-files "/Gemfile.lock" --skip-files "/var/lib/gems/2.5.0/gems/http_parser.rb-0.6.0/Gemfile.lock" quay.io/fluentd_elasticsearch/fluentd:v2.9.0
✅ Ignore all foo directories in any subdirectory
trivy image --skip-dirs "**/foo" image:tag
✅ Use --file-patterns to control which files Trivy treats as a given type (a pattern adds matching files to that scanner; it does not exclude files)
trivy fs --file-patterns "dockerfile:.*.docker" --file-patterns "kubernetes:*.tpl" --file-patterns "pip:requirements-.*\.txt" .
📌 Use Case: Best when you want to exclude files or directories temporarily without modifying any configuration files.
2️⃣ Use trivy.yaml Configuration File for Persistent Directory/File Skipping
For a permanent solution, create a trivy.yaml file in the root of your project.
Example trivy.yaml
scan:
  skip-dirs:
    - "**/examples/**"
    - "**/.terraform/**"
    - "node_modules"
    - "vendor"
  skip-files:
    - "**/*.log"
    - "**/Gemfile.lock"
✅ Run Trivy with the configuration file:
trivy fs --config trivy.yaml .
📌 Use Case: Best for consistent exclusions across multiple runs without needing CLI options.
3️⃣ Ignore Specific Vulnerabilities Using .trivyignore
You can ignore specific vulnerabilities by their IDs using a .trivyignore file.
Example .trivyignore
AVD-KSV-0014
CVE-2023-1234
✅ Run Trivy and apply .trivyignore:
trivy fs --ignorefile .trivyignore .
📌 Use Case: When you want to exclude false positives or known vulnerabilities without ignoring entire files or directories.
4️⃣ Use find to Dynamically Exclude Directories Before Running Trivy
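If you don’t want to modify your Trivy configuration, you can use find to locate the directories and pass them to --skip-dirs for that run. Piping find's output into trivy fs has no effect, because trivy fs takes its target as an argument and does not read paths from standard input.
✅ Find and exclude examples and node_modules directories
# find prints each matching directory once (-prune stops descent); paste joins them with commas for --skip-dirs
trivy fs --skip-dirs "$(find . -type d \( -name "examples" -o -name "node_modules" \) -prune -print | paste -sd, -)" .
📌 Use Case: When you cannot modify project files but need to exclude directories.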
5️⃣ Use grep -v to Filter Out Results After Scanning
If Trivy scans everything but you want to remove unwanted results from the output:
✅ Remove results from examples/ directories
trivy fs . | grep -v "examples/"
📌 Use Case: Quick fix when Trivy outputs unwanted directories but scanning time is not a concern.
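A substring match such as grep -v "examples/" also drops any path that merely contains that text, and it leaves no record of what was hidden. As an added example (not part of the original guide), the Python below filters a report shaped like `trivy fs --format json .` output by exact directory name and keeps the suppressed findings for audit; the sample report, its placeholder CVE IDs, package names and the function names are constructed for illustration.

```python
import json
from pathlib import PurePosixPath

# Constructed sample shaped like `trivy fs --format json .` output (trimmed).
SAMPLE_REPORT = json.loads("""
{"SchemaVersion": 2, "Results": [
  {"Target": "examples/demo/package-lock.json", "Type": "npm",
   "Vulnerabilities": [
     {"VulnerabilityID": "CVE-0000-0001", "PkgName": "pkg-a", "Severity": "HIGH"}]},
  {"Target": "services/more-examples/requirements.txt", "Type": "pip",
   "Vulnerabilities": [
     {"VulnerabilityID": "CVE-0000-0002", "PkgName": "pkg-b", "Severity": "CRITICAL"}]},
  {"Target": "go.mod", "Type": "gomod"}
]}
""")


def split_report(report, excluded_dirs):
    """Return (kept, suppressed) lists of Trivy results.

    A result is suppressed only when a directory component of its Target
    equals an excluded name, so "more-examples/" is not caught by "examples"
    (a grep -v "examples/" would have dropped it).
    """
    excluded = set(excluded_dirs)
    kept, suppressed = [], []
    for result in report.get("Results") or []:
        dirs = PurePosixPath(result.get("Target", "")).parts[:-1]
        (suppressed if excluded & set(dirs) else kept).append(result)
    return kept, suppressed


def finding_ids(results):
    """Flatten results to sorted (target, vulnerability id, severity) tuples."""
    return sorted(
        (r["Target"], v["VulnerabilityID"], v["Severity"])
        for r in results
        for v in r.get("Vulnerabilities") or []  # key is absent when clean
    )


if __name__ == "__main__":
    kept, suppressed = split_report(SAMPLE_REPORT, {"examples"})
    for row in finding_ids(kept):
        print("REPORT    ", *row)
    for row in finding_ids(suppressed):  # audit trail of what was hidden
        print("SUPPRESSED", *row)
```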
Final Comparison: Best Method to Use
| Method | Best For | Permanent? | Performance Impact? | 
|---|---|---|---|
| --skip-dirs/--skip-files | Quick exclusions | ❌ No | ✅ Improves | 
| trivy.yaml (skip-dirs, skip-files) | Persistent exclusions | ✅ Yes | ✅ Improves | 
| .trivyignore (Ignore CVEs) | Ignoring vulnerabilities | ✅ Yes | ⚠️ No impact | 
| find -prune | Excluding before scanning | ❌ No | ✅ Improves | 
| grep -v | Filtering after scanning | ❌ No | ⚠️ No impact | 
Conclusion
🚀 Best method → Use --skip-dirs and --skip-files in the CLI for quick fixes.
⚡ For permanent exclusions → Use trivy.yaml.
🔎 To ignore vulnerabilities only → Use .trivyignore.
⏳ If you can’t modify configurations → Use find or grep.
This is the correct, updated, and complete guide to ignoring directories and files in Trivy. ✅
I’m a DevOps/SRE/DevSecOps/Cloud Expert passionate about sharing knowledge and experiences. I have worked at Cotocus. I share tech blogs at DevOps School, travel stories at Holiday Landmark, stock market tips at Stocks Mantra, health and fitness guidance at My Medic Plus, product reviews at TrueReviewNow, and SEO strategies at Wizbrand.