feat: add support for .trivyignore.yaml

[knqyf263]

Description

Support the structured ignore file.

Example:

$ cat .trivyignore.yaml
vulnerabilities:
  - id: CVE-2023-30861
    paths:
      - "pkg/fanal/analyzer/language/python/poetry/testdata/happy/poetry.lock"
      - "pkg/fanal/analyzer/language/python/pip/testdata/requirements.txt"
    statement: Accept the risk
  - id: CVE-2023-37920
  - id: GHSA-5crp-9r3c-p9vr
     expired_at: 2023-09-01

misconfigurations:
  - id: AVD-DS-0002
  - id: AVD-DS-0003
     paths:
       - docs/Dockerfile
     statement: The container image is not deployed

It is still experimental since we're aware of more requirements around ignoring and possibly adding breaking changes. Thus, the file path must be explicitly specified as below so that it will not break compatibility.

$ trivy repo --ignorefile .trivyignore.yaml .

If the file extension is .yml or .yaml, Trivy tries to parse that in the YAML format. Otherwise, it is treated as the legacy .trivyignore.

TODOs

• Support .trivyignore.yaml
• Backward compatibility
• Write tests
• Write docs

Related issues

• Close Report vulnerability filtering: support scoped ignores #4022

Checklist

• I've read the guidelines for contributing to this repository.
• I've followed the conventions in the PR title.
• I've added tests that prove my fix is effective or that my feature works.
• I've updated the documentation with the relevant information (if needed).
• I've added usage information (if the PR introduces new options)
• I've included a "before" and "after" example to the description (if the PR is a user interface change).

[DmitriyLewen]

Perhaps we want to use wildcard for paths?

[DmitriyLewen]

don't forget: we need to update docs if we don't add wildcards.

[knqyf263]

Added c624be4

[DmitriyLewen]

lgtm