imagescan: Add support for per project/group ignore of specific CVEs
We will encounter situations where a critical vulnerability exists, has a fixed version, but for some reason getting that fix in is difficult (an example could be upstream library deps that have not yet been fixed). In some of those cases, we know that the vulnerability does not impact the project due to the way it is used.
This MR makes it possible for a project/group to set a variable TRIVY_IGNORE_LIST to a string with a space-separated list of specific CVEs that should be ignored. They will then be added to a .trivyignore file before scanning.
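
One way the step described above could work, as an added example that is not the MR's own code: a shell function that validates each entry of TRIVY_IGNORE_LIST and appends it to .trivyignore. The function name, the CVE-only format check and the skipping of duplicates are assumptions made for this example.

```shell
#!/bin/sh
# Added example (hypothetical helper, not the MR's implementation).
# Turns a space-separated list of CVE IDs into .trivyignore entries,
# one ID per line, which is the format Trivy reads from that file.
#
# usage: append_trivy_ignores "$TRIVY_IGNORE_LIST" [path/to/.trivyignore]
# returns 0 if every entry was accepted, 1 if any entry was rejected.
append_trivy_ignores() {
    list=$1
    file=${2:-.trivyignore}
    rc=0

    touch "$file" || return 2

    # Disable globbing so an entry such as "*" is not expanded to file names
    # while the unquoted list is split on whitespace.
    set -f
    for id in $list; do
        # Assumption: only well-formed CVE identifiers are allowed, so a typo
        # or stray token in the variable cannot silently widen the ignore set.
        if ! printf '%s\n' "$id" | grep -Eq '^CVE-[0-9]{4}-[0-9]{4,}$'; then
            echo "TRIVY_IGNORE_LIST: rejecting malformed entry: $id" >&2
            rc=1
            continue
        fi
        # Skip IDs already present (for example from a committed .trivyignore).
        grep -qxF "$id" "$file" || printf '%s\n' "$id" >> "$file"
    done
    set +f

    return $rc
}

# In a CI job this would run before the scan, for example:
#   append_trivy_ignores "$TRIVY_IGNORE_LIST" || exit 1
#   trivy image "$IMAGE"      # IMAGE is a placeholder variable
```

Failing the job on a rejected entry, rather than continuing, keeps a mistyped ID from looking like an accepted exception.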