Add Trivy ignore comment to examples

cloudeteer · Jan 8, 2025 · 03dca2c · 03dca2c
1 parent 0084509
commit 03dca2c
Show file tree

Hide file tree

Showing 4 changed files with 9 additions and 0 deletions.
diff --git a/README.md b/README.md
@@ -22,6 +22,9 @@ As documented on the [image](#input_image) input variable, it is possible to use
 
 This example demonstrates the usage of the virtual machine module with default settings. It sets up all necessary dependencies, including a resource group, virtual network, subnet, recovery services vault, backup policy, and key vault, to ensure seamless deployment.
 
+> [!TIP]
+> Our module enables password-based login for Linux virtual machines, configurable via the `authentication_type` input variable. If the [`disable_password_authentication`](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/linux_virtual_machine.html#disable_password_authentication-1) setting on the [`azurerm_linux_virtual_machine`](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/linux_virtual_machine) resource within this module is not explicitly set to `false`, [Trivy](https://trivy.dev) will flag a high-severity warning. To suppress this warning, add the comment `#trivy:ignore:avd-azu-0039` directly above the Terraform module definition, as shown in the example below.
+
 ```hcl
 resource "azurerm_resource_group" "example" {
   name     = "rg-example-dev-we-01"
@@ -91,6 +94,7 @@ resource "azurerm_key_vault" "example" {
   }
 }
 
+#trivy:ignore:avd-azu-0039
 module "example" {
   source = "cloudeteer/vm/azurerm"
 

diff --git a/examples/external_key_vault/main.tf b/examples/external_key_vault/main.tf
@@ -27,6 +27,7 @@ variable "location" {
   type = string
 }
 
+#trivy:ignore:avd-azu-0039
 module "example" {
   source = "cloudeteer/vm/azurerm"
 

diff --git a/examples/usage/main.md b/examples/usage/main.md
@@ -1 +1,4 @@
 This example demonstrates the usage of the virtual machine module with default settings. It sets up all necessary dependencies, including a resource group, virtual network, subnet, recovery services vault, backup policy, and key vault, to ensure seamless deployment.
+
+> [!TIP]
+> Our module enables password-based login for Linux virtual machines, configurable via the `authentication_type` input variable. If the [`disable_password_authentication`](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/linux_virtual_machine.html#disable_password_authentication-1) setting on the [`azurerm_linux_virtual_machine`](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/linux_virtual_machine) resource within this module is not explicitly set to `false`, [Trivy](https://trivy.dev) will flag a high-severity warning. To suppress this warning, add the comment `#trivy:ignore:avd-azu-0039` directly above the Terraform module definition, as shown in the example below.
diff --git a/examples/usage/main.tf b/examples/usage/main.tf
@@ -66,6 +66,7 @@ resource "azurerm_key_vault" "example" {
   }
 }
 
+#trivy:ignore:avd-azu-0039
 module "example" {
   source = "cloudeteer/vm/azurerm"
-Original file line number
+Diff line change
@@ Expand Up / @@ -66,6 +66,7 @@ resource "azurerm_key_vault" "example" { @@
       }
     }
+    #trivy:ignore:avd-azu-0039
     module "example" {
       source = "cloudeteer/vm/azurerm"
@@ Expand Down @@