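# Trivy Configuration for BreakPilot
# https://trivy.dev/
#
# Run:            trivy image breakpilot-pwa-backend:latest
# Run filesystem: trivy fs .
# Run config:     trivy config .
#
# Trivy loads ./trivy.yaml by default; if this file has another name or
# location, pass it explicitly with --config.
#
# NOTE(review): verify every key name and its nesting against the config-file
# reference for the Trivy version pinned in CI. A key Trivy does not recognise
# may simply have no effect, which would silently drop the severity gate, the
# skip list or the ignore file without any error.

# Scan settings
scan:
  # Security checks to perform
  # NOTE(review): newer Trivy releases call this key `scanners` and name the
  # misconfiguration scanner `misconfig`; confirm which spelling the pinned
  # version expects.
  security-checks:
    - vuln    # Vulnerabilities
    - config  # Misconfigurations
    - secret  # Secrets in files

# Vulnerability settings
vulnerability:
  # Vulnerability types to scan for
  type:
    - os       # OS packages
    - library  # Application dependencies

  # Keep unfixed vulnerabilities in the report: they are still exposure,
  # even when no patched package exists yet.
  ignore-unfixed: false

# Severity settings
severity:
  - CRITICAL
  - HIGH
  - MEDIUM
  # - LOW  # Uncomment to include low severity

# Output format
format: table

# Exit code on findings (non-zero fails the CI job when anything at the
# severities listed above is reported)
exit-code: 1

# Timeout
timeout: 10m

# Cache directory
# NOTE(review): this is a fixed path under the shared /tmp directory. On a
# multi-user host or shared CI runner another account could pre-create or
# modify it, and the cache holds the vulnerability database the results
# depend on. Prefer a directory owned by the scanning user (for example under
# the job workspace or the user's cache dir).
cache-dir: /tmp/trivy-cache

# Skip files/directories
skip-dirs:
  - node_modules
  - venv
  - .venv
  - __pycache__
  - .git
  - .idea
  - .vscode

# "*.txt" is deliberately not skipped: that pattern would also exclude pip
# manifests such as requirements.txt from dependency scanning, and plain-text
# files from the secret scanner.
# NOTE(review): "*.log" and "*.md" are likewise excluded from secret scanning;
# keep them skipped only if committed logs and docs are known not to carry
# credentials.
skip-files:
  - "*.md"
  - "*.log"

# Ignore specific vulnerabilities (add after review)
# Every entry in the ignore file suppresses a finding for all scans, so record
# the reason and a revisit date next to each ID.
ignorefile: .trivyignore

# SBOM generation
# NOTE(review): confirm that the pinned Trivy version reads an `sbom:` section.
# SBOM output is normally produced by a separate run with the output format set
# to cyclonedx and an output path; if this section is ignored, no sbom.json is
# written.
sbom:
  format: cyclonedx
  output: sbom.json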