⚡️ Feature: Vulnerability Scan Enhancements #2200

@coral-hungus

Feature Description

Hi, I'd like to suggest a couple enhancements for Trivy scans.

  1. It would be great to exclude certain images, ideally at the Projects level, from scans.
  2. I would like to be able to specify arguments for Trivy scans, for example:
    image --pkg-types os --ignore-unfixed

Problem It Solves

  1. I only expose a handful of projects, and am only concerned with vuln scans on those. Projects that aren't accessible outside my network should be excluded from scans.
  2. I use these arguments with Trivy scans and pass the output to Copa for OS patching inside containers.

Proposed Solution

  1. This could look something like the 'Excluded Containers' section of the Auto Heal job schedule, with a checkbox per Project to exclude.
  2. A text box to override default Trivy arguments.

Alternatives Considered

No response

Additional Context

No response

Would you be willing to work on this feature?

  • Yes, I'd like to implement this feature
  • I could help with parts of this feature
  • No, I'm just suggesting the feature

Labels: needs more upvotes (Upvote the issue to show that this is a feature that is wanted.)

Status: Todo
