trivy.fs.yaml
# tightening the previous options:
#
# trivy fs --format json --exit-code 1 --ignore-unfixed --vuln-type os,library --severity CRITICAL,HIGH,MEDIUM --output ./trivy-results.json .
#
# to stop ignoring unfixed vulnerabilities and broaden the security scope to all severities:
#
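# NOTE(review): Trivy's documented config key is the flat 'exit-code'; verify that this
# nested form is honoured before enabling it, otherwise findings may not fail the run.
# exit:
# code: 1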
# format: json
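# NOTE(review): the CLI example above writes to ./trivy-results.json, while this path is
# rooted at / — confirm which location is intended.
# output: /trivy-results.json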
# report: all
# vex:
# trivy.vex
# ignorefile: .trivyignore
# ignore-policy: './trivy-ignore.rego'
# severity:
# - UNKNOWN
# - LOW
# - MEDIUM
# - HIGH
# - CRITICAL
# scan:
# # Same as '--scanners'
# # Default depends on subcommand
# scanners:
# - vuln
# - misconfig
# - secret
# # - license
# vulnerability:
# # Same as '--vuln-type'
# # Default is 'os,library'
# type:
# - os
# - library
#
# # Same as '--ignore-unfixed'
# # Default is false
# ignore-unfixed: false