scout-cli
Consider an option or ignore file allowing a list of CVEs to be ignored
Hi,
It would make sense for some of my use cases to be able to ignore some CVEs. For example, a vulnerable library may be present in the image but unused by the application.
Trivy, for example, provides a way to ignore CVEs by ID via an ignore file: https://aquasecurity.github.io/trivy/dev/docs/configuration/filtering/#by-finding-ids
Can I suggest: --ignore-ids / --filter-ids ...? Although a file is good, as I can write comments to justify the reason to ignore them.
Currently, I've had to create a wee Python script that reads a YAML file where I can add which image should ignore what CVEs; I then read the JSON output of Scout to report on the result.
Thanks for providing Docker Scout!