{"id":48735,"date":"2025-03-12T06:50:50","date_gmt":"2025-03-12T06:50:50","guid":{"rendered":"https:\/\/www.devopsschool.com\/blog\/?p=48735"},"modified":"2025-03-12T06:50:50","modified_gmt":"2025-03-12T06:50:50","slug":"trivy-list-of-methods-to-ignore-directories-files-during-scanning","status":"publish","type":"post","link":"https:\/\/www.devopsschool.com\/blog\/trivy-list-of-methods-to-ignore-directories-files-during-scanning\/","title":{"rendered":"Trivy: List of Methods to Ignore Directories &amp; Files During Scanning"},"content":{"rendered":"\n<p><\/p>\n\n\n\n<p>Trivy provides multiple ways to ignore <strong>directories, files, and vulnerabilities<\/strong> during scanning. This guide covers all <strong>correct and updated<\/strong> methods, including <strong>command-line options, configuration files, and post-processing techniques<\/strong>.<\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>1\ufe0f\u20e3 Ignore Directories &amp; Files Using Command-Line Options (Recommended for Quick Exclusions)<\/strong><\/h2>\n\n\n\n<p>Trivy supports <code>--skip-dirs<\/code> and <code>--skip-files<\/code> flags to <strong>exclude directories and files<\/strong> while scanning.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><strong>Examples:<\/strong><\/h3>\n\n\n\n<p>\u2705 <strong>Ignore specific directories<\/strong><\/p>\n\n\n<pre class=\"wp-block-code\" aria-describedby=\"shcb-language-1\" data-shcb-language-name=\"JavaScript\" data-shcb-language-slug=\"javascript\"><span><code class=\"hljs language-javascript\">trivy image --skip-dirs <span class=\"hljs-string\">\"\/var\/lib\/gems\/2.5.0\/gems\/fluent-plugin-detect-exceptions-0.0.13\"<\/span> \\\n            --skip-dirs <span class=\"hljs-string\">\"\/var\/lib\/gems\/2.5.0\/gems\/http_parser.rb-0.6.0\"<\/span> \\\n            quay.io\/fluentd_elasticsearch\/fluentd:v2<span class=\"hljs-number\">.9<\/span><span class=\"hljs-number\">.0<\/span>\n<\/code><\/span><small class=\"shcb-language\" id=\"shcb-language-1\"><span class=\"shcb-language__label\">Code language:<\/span> <span class=\"shcb-language__name\">JavaScript<\/span> <span class=\"shcb-language__paren\">(<\/span><span class=\"shcb-language__slug\">javascript<\/span><span class=\"shcb-language__paren\">)<\/span><\/small><\/pre>\n\n\n<p>\u2705 <strong>Ignore directories when scanning a local filesystem<\/strong><\/p>\n\n\n<pre class=\"wp-block-code\" aria-describedby=\"shcb-language-2\" data-shcb-language-name=\"JavaScript\" data-shcb-language-slug=\"javascript\"><span><code class=\"hljs language-javascript\">trivy fs --skip-dirs <span class=\"hljs-string\">\".\/testdata\/*\"<\/span> .\n<\/code><\/span><small class=\"shcb-language\" id=\"shcb-language-2\"><span class=\"shcb-language__label\">Code language:<\/span> <span class=\"shcb-language__name\">JavaScript<\/span> <span class=\"shcb-language__paren\">(<\/span><span class=\"shcb-language__slug\">javascript<\/span><span class=\"shcb-language__paren\">)<\/span><\/small><\/pre>\n\n\n<p>\u2705 <strong>Ignore Terraform-related files and directories<\/strong><\/p>\n\n\n<pre class=\"wp-block-code\" aria-describedby=\"shcb-language-3\" data-shcb-language-name=\"JavaScript\" data-shcb-language-slug=\"javascript\"><span><code class=\"hljs language-javascript\">trivy config --skip-dirs <span class=\"hljs-string\">\"**\/.terraform\"<\/span> .\n<\/code><\/span><small class=\"shcb-language\" id=\"shcb-language-3\"><span class=\"shcb-language__label\">Code language:<\/span> <span class=\"shcb-language__name\">JavaScript<\/span> <span class=\"shcb-language__paren\">(<\/span><span class=\"shcb-language__slug\">javascript<\/span><span class=\"shcb-language__paren\">)<\/span><\/small><\/pre>\n\n\n<p>\u2705 <strong>Ignore specific files during image scanning<\/strong><\/p>\n\n\n<pre class=\"wp-block-code\" aria-describedby=\"shcb-language-4\" data-shcb-language-name=\"JavaScript\" data-shcb-language-slug=\"javascript\"><span><code class=\"hljs language-javascript\">trivy image --skip-files <span class=\"hljs-string\">\"\/Gemfile.lock\"<\/span> --skip-files <span class=\"hljs-string\">\"\/var\/lib\/gems\/2.5.0\/gems\/http_parser.rb-0.6.0\/Gemfile.lock\"<\/span> quay.io\/fluentd_elasticsearch\/fluentd:v2<span class=\"hljs-number\">.9<\/span><span class=\"hljs-number\">.0<\/span>\n<\/code><\/span><small class=\"shcb-language\" id=\"shcb-language-4\"><span class=\"shcb-language__label\">Code language:<\/span> <span class=\"shcb-language__name\">JavaScript<\/span> <span class=\"shcb-language__paren\">(<\/span><span class=\"shcb-language__slug\">javascript<\/span><span class=\"shcb-language__paren\">)<\/span><\/small><\/pre>\n\n\n<p>\u2705 <strong>Ignore all <code>foo<\/code> directories in any subdirectory<\/strong><\/p>\n\n\n<pre class=\"wp-block-code\" aria-describedby=\"shcb-language-5\" data-shcb-language-name=\"JavaScript\" data-shcb-language-slug=\"javascript\"><span><code class=\"hljs language-javascript\">trivy image --skip-files <span class=\"hljs-string\">\"**\/foo\"<\/span> image:tag\n<\/code><\/span><small class=\"shcb-language\" id=\"shcb-language-5\"><span class=\"shcb-language__label\">Code language:<\/span> <span class=\"shcb-language__name\">JavaScript<\/span> <span class=\"shcb-language__paren\">(<\/span><span class=\"shcb-language__slug\">javascript<\/span><span class=\"shcb-language__paren\">)<\/span><\/small><\/pre>\n\n\n<p>\u2705 <strong>Use <code>--file-patterns<\/code> to ignore files based on type<\/strong><\/p>\n\n\n<pre class=\"wp-block-code\" aria-describedby=\"shcb-language-6\" data-shcb-language-name=\"CSS\" data-shcb-language-slug=\"css\"><span><code class=\"hljs language-css\"><span class=\"hljs-selector-tag\">trivy<\/span> <span class=\"hljs-selector-tag\">fs<\/span> <span class=\"hljs-selector-tag\">--file-patterns<\/span> \"<span class=\"hljs-selector-tag\">dockerfile<\/span><span class=\"hljs-selector-pseudo\">:.<\/span>*<span class=\"hljs-selector-class\">.docker<\/span>\" <span class=\"hljs-selector-tag\">--file-patterns<\/span> \"<span class=\"hljs-selector-tag\">kubernetes<\/span>:*<span class=\"hljs-selector-class\">.tpl<\/span>\" <span class=\"hljs-selector-tag\">--file-patterns<\/span> \"<span class=\"hljs-selector-tag\">pip<\/span><span class=\"hljs-selector-pseudo\">:requirements-.<\/span>*\\<span class=\"hljs-selector-class\">.txt<\/span>\" .\n<\/code><\/span><small class=\"shcb-language\" id=\"shcb-language-6\"><span class=\"shcb-language__label\">Code language:<\/span> <span class=\"shcb-language__name\">CSS<\/span> <span class=\"shcb-language__paren\">(<\/span><span class=\"shcb-language__slug\">css<\/span><span class=\"shcb-language__paren\">)<\/span><\/small><\/pre>\n\n\n<p>\ud83d\udccc <strong>Use Case:<\/strong> Best when you want to <strong>exclude files or directories temporarily<\/strong> without modifying any configuration files.<\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>2\ufe0f\u20e3 Use <code>trivy.yaml<\/code> Configuration File for Persistent Directory\/File Skipping<\/strong><\/h2>\n\n\n\n<p>For a <strong>permanent<\/strong> solution, create a <code>trivy.yaml<\/code> file in the root of your project.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><strong>Example <code>trivy.yaml<\/code><\/strong><\/h3>\n\n\n<pre class=\"wp-block-code\" aria-describedby=\"shcb-language-7\" data-shcb-language-name=\"JavaScript\" data-shcb-language-slug=\"javascript\"><span><code class=\"hljs language-javascript\">scan:\n  skip-dirs:\n    - <span class=\"hljs-string\">\"**\/examples\/**\"<\/span>\n    - <span class=\"hljs-string\">\"**\/.terraform\/**\"<\/span>\n    - <span class=\"hljs-string\">\"node_modules\"<\/span>\n    - <span class=\"hljs-string\">\"vendor\"<\/span>\n  skip-files:\n    - <span class=\"hljs-string\">\"**\/*.log\"<\/span>\n    - <span class=\"hljs-string\">\"**\/Gemfile.lock\"<\/span>\n<\/code><\/span><small class=\"shcb-language\" id=\"shcb-language-7\"><span class=\"shcb-language__label\">Code language:<\/span> <span class=\"shcb-language__name\">JavaScript<\/span> <span class=\"shcb-language__paren\">(<\/span><span class=\"shcb-language__slug\">javascript<\/span><span class=\"shcb-language__paren\">)<\/span><\/small><\/pre>\n\n\n<p>\u2705 <strong>Run Trivy with the configuration file<\/strong>:<\/p>\n\n\n<pre class=\"wp-block-code\" aria-describedby=\"shcb-language-8\" data-shcb-language-name=\"CSS\" data-shcb-language-slug=\"css\"><span><code class=\"hljs language-css\"><span class=\"hljs-selector-tag\">trivy<\/span> <span class=\"hljs-selector-tag\">fs<\/span> <span class=\"hljs-selector-tag\">--config<\/span> <span class=\"hljs-selector-tag\">trivy<\/span><span class=\"hljs-selector-class\">.yaml<\/span> .\n<\/code><\/span><small class=\"shcb-language\" id=\"shcb-language-8\"><span class=\"shcb-language__label\">Code language:<\/span> <span class=\"shcb-language__name\">CSS<\/span> <span class=\"shcb-language__paren\">(<\/span><span class=\"shcb-language__slug\">css<\/span><span class=\"shcb-language__paren\">)<\/span><\/small><\/pre>\n\n\n<p>\ud83d\udccc <strong>Use Case:<\/strong> Best for <strong>consistent exclusions<\/strong> across multiple runs without needing CLI options.<\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>3\ufe0f\u20e3 Ignore Specific Vulnerabilities Using <code>.trivyignore<\/code><\/strong><\/h2>\n\n\n\n<p>You can ignore <strong>specific vulnerabilities<\/strong> by their IDs using a <code>.trivyignore<\/code> file.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><strong>Example <code>.trivyignore<\/code><\/strong><\/h3>\n\n\n<pre class=\"wp-block-code\"><span><code class=\"hljs\">AVD-KSV-0014\nCVE-2023-1234\n<\/code><\/span><\/pre>\n\n\n<p>\u2705 <strong>Run Trivy and apply <code>.trivyignore<\/code><\/strong>:<\/p>\n\n\n<pre class=\"wp-block-code\" aria-describedby=\"shcb-language-9\" data-shcb-language-name=\"CSS\" data-shcb-language-slug=\"css\"><span><code class=\"hljs language-css\"><span class=\"hljs-selector-tag\">trivy<\/span> <span class=\"hljs-selector-tag\">fs<\/span> <span class=\"hljs-selector-tag\">--ignorefile<\/span> <span class=\"hljs-selector-class\">.trivyignore<\/span> .\n<\/code><\/span><small class=\"shcb-language\" id=\"shcb-language-9\"><span class=\"shcb-language__label\">Code language:<\/span> <span class=\"shcb-language__name\">CSS<\/span> <span class=\"shcb-language__paren\">(<\/span><span class=\"shcb-language__slug\">css<\/span><span class=\"shcb-language__paren\">)<\/span><\/small><\/pre>\n\n\n<p>\ud83d\udccc <strong>Use Case:<\/strong> When you want to <strong>exclude false positives<\/strong> or known vulnerabilities <strong>without ignoring entire files or directories<\/strong>.<\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>4\ufe0f\u20e3 Use <code>find<\/code> to Dynamically Exclude Directories Before Running Trivy<\/strong><\/h2>\n\n\n\n<p>If you don&#8217;t want to modify your Trivy configurations, you can <strong>manually exclude directories before scanning<\/strong>.<\/p>\n\n\n\n<p>\u2705 <strong>Find and exclude <code>examples<\/code> and <code>node_modules<\/code> directories<\/strong><\/p>\n\n\n<pre class=\"wp-block-code\" aria-describedby=\"shcb-language-10\" data-shcb-language-name=\"PHP\" data-shcb-language-slug=\"php\"><span><code class=\"hljs language-php\">find . -type d \\( -name <span class=\"hljs-string\">\"examples\"<\/span> -o -name <span class=\"hljs-string\">\"node_modules\"<\/span> \\) -prune -o -<span class=\"hljs-keyword\">print<\/span> | trivy fs .\n<\/code><\/span><small class=\"shcb-language\" id=\"shcb-language-10\"><span class=\"shcb-language__label\">Code language:<\/span> <span class=\"shcb-language__name\">PHP<\/span> <span class=\"shcb-language__paren\">(<\/span><span class=\"shcb-language__slug\">php<\/span><span class=\"shcb-language__paren\">)<\/span><\/small><\/pre>\n\n\n<p>\ud83d\udccc <strong>Use Case:<\/strong> When you <strong>cannot modify project files<\/strong> but need to exclude directories.<\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>5\ufe0f\u20e3 Use <code>grep -v<\/code> to Filter Out Results After Scanning<\/strong><\/h2>\n\n\n\n<p>If Trivy scans everything but you want to remove unwanted results from the output:<\/p>\n\n\n\n<p>\u2705 <strong>Remove results from <code>examples\/<\/code> directories<\/strong><\/p>\n\n\n<pre class=\"wp-block-code\" aria-describedby=\"shcb-language-11\" data-shcb-language-name=\"JavaScript\" data-shcb-language-slug=\"javascript\"><span><code class=\"hljs language-javascript\">trivy fs . | grep -v <span class=\"hljs-string\">\"examples\/\"<\/span>\n<\/code><\/span><small class=\"shcb-language\" id=\"shcb-language-11\"><span class=\"shcb-language__label\">Code language:<\/span> <span class=\"shcb-language__name\">JavaScript<\/span> <span class=\"shcb-language__paren\">(<\/span><span class=\"shcb-language__slug\">javascript<\/span><span class=\"shcb-language__paren\">)<\/span><\/small><\/pre>\n\n\n<p>\ud83d\udccc <strong>Use Case:<\/strong> <strong>Quick fix<\/strong> when Trivy outputs unwanted directories but scanning time is not a concern.<\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>Final Comparison: Best Method to Use<\/strong><\/h2>\n\n\n\n<figure class=\"wp-block-table\"><table class=\"has-fixed-layout\"><thead><tr><th><strong>Method<\/strong><\/th><th><strong>Best For<\/strong><\/th><th><strong>Permanent?<\/strong><\/th><th><strong>Performance Impact?<\/strong><\/th><\/tr><\/thead><tbody><tr><td><code>--skip-dirs<\/code> \/ <code>--skip-files<\/code><\/td><td>Quick exclusions<\/td><td>\u274c No<\/td><td>\u2705 Improves<\/td><\/tr><tr><td><code>trivy.yaml<\/code> (<code>skip-dirs<\/code>, <code>skip-files<\/code>)<\/td><td>Persistent exclusions<\/td><td>\u2705 Yes<\/td><td>\u2705 Improves<\/td><\/tr><tr><td><code>.trivyignore<\/code> (Ignore CVEs)<\/td><td>Ignoring vulnerabilities<\/td><td>\u2705 Yes<\/td><td>\u26a0\ufe0f No impact<\/td><\/tr><tr><td><code>find -prune<\/code><\/td><td>Excluding before scanning<\/td><td>\u274c No<\/td><td>\u2705 Improves<\/td><\/tr><tr><td><code>grep -v<\/code><\/td><td>Filtering after scanning<\/td><td>\u274c No<\/td><td>\u26a0\ufe0f No impact<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>Conclusion<\/strong><\/h2>\n\n\n\n<p>\ud83d\ude80 <strong>Best method<\/strong> \u2192 Use <code>--skip-dirs<\/code> and <code>--skip-files<\/code> in the CLI for quick fixes.<br>\u26a1 <strong>For permanent exclusions<\/strong> \u2192 Use <code>trivy.yaml<\/code>.<br>\ud83d\udd0e <strong>To ignore vulnerabilities only<\/strong> \u2192 Use <code>.trivyignore<\/code>.<br>\u23f3 <strong>If you can&#8217;t modify configurations<\/strong> \u2192 Use <code>find<\/code> or <code>grep<\/code>.<\/p>\n\n\n\n<p>This is the <strong>correct, updated, and complete<\/strong> guide to ignoring directories and files in Trivy. \u2705 Let me know if you need further clarification! \ud83d\ude80<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Trivy provides multiple ways to ignore directories, files, and vulnerabilities during scanning. This guide covers all correct and updated methods, including command-line options, configuration files, and post-processing techniques. 1\ufe0f\u20e3 Ignore&#8230; <\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"_joinchat":[],"footnotes":""},"categories":[2],"tags":[],"class_list":["post-48735","post","type-post","status-publish","format-standard","hentry","category-uncategorised"],"_links":{"self":[{"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/posts\/48735","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/comments?post=48735"}],"version-history":[{"count":1,"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/posts\/48735\/revisions"}],"predecessor-version":[{"id":48736,"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/posts\/48735\/revisions\/48736"}],"wp:attachment":[{"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/media?parent=48735"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/categories?post=48735"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/tags?post=48735"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}