-
Notifications
You must be signed in to change notification settings - Fork 23
/
Copy path.grype.yml
30 lines (28 loc) · 1.46 KB
/
.grype.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
# List of vulnerabilities to ignore for the anchore scan
# https://github.com/anchore/grype#specifying-matches-to-ignore
# More info can be found in the docs/infra/vulnerability-management.md file
# Please add safelists in the following format to make it easier when checking
# Package/module name: URL to vulnerability for checking updates
# Versions: URL to the version history
# Dependencies: Name of any other packages or modules that are dependent on this version
# Link to the dependencies for ease of checking for updates
# Issue: Why there is a finding and why this is here or not been removed
# Last checked: Date last checked in scans
# - vulnerability: The-CVE-or-vuln-id # Remove comment at start of line
ignore:
# These settings ignore any findings that fall into these categories
- fix-state: not-fixed
- fix-state: wont-fix
- fix-state: unknown
# https://github.com/anchore/grype/issues/1172
- vulnerability: GHSA-xqr8-7jwr-rhp7
- vulnerability: GHSA-7fh5-64p2-3v2j
# pip vulnerability, need to wait for the Python image to update to 23.x
# https://github.com/docker-library/python/blob/402b993af9ca7a5ee22d8ecccaa6197bfb957bc5/3.12/slim-bookworm/Dockerfile#L137
- vulnerability: GHSA-mq26-g339-26xf
# 11/14/2023 - Postgres vulnerabilities in the Debian image
- vulnerability: CVE-2023-39417
- vulnerability: CVE-2023-5869
- vulnerability: CVE-2023-39418
- vulnerability: CVE-2023-5868
- vulnerability: CVE-2023-5870