Docker Scout with fs://. should obey .dockerignore patterns when considering which SBOM directories and file paths to scan, and which to skip.
There should also be a command line flag like --exclude <pattern> [--exclude <pattern> [--exclude <pattern> ...]]] to supplement .dockerignore with additional patterns.
It's technically possible to workaround these gaps by through git and cp tricks, but A) computers exist to automate and B) many users are likely to fumble the manual steps involved. Please just do this as a built-in.
Most security and automation tools provide mechanisms to ignore file patterns.
Docker Scout with
fs://.should obey.dockerignorepatterns when considering which SBOM directories and file paths to scan, and which to skip.There should also be a command line flag like
--exclude <pattern> [--exclude <pattern> [--exclude <pattern> ...]]]to supplement.dockerignorewith additional patterns.It's technically possible to workaround these gaps by through git and cp tricks, but A) computers exist to automate and B) many users are likely to fumble the manual steps involved. Please just do this as a built-in.
Most security and automation tools provide mechanisms to ignore file patterns.