Add vulnerabilities to ignore file (#690)

Add vulnerabilities to ignore file
HHS · Nov 17, 2023 · 0caf864 · 0caf864
1 parent 9ec395b
commit 0caf864
Show file tree

Hide file tree

Showing 2 changed files with 15 additions and 3 deletions.
diff --git a/.grype.yml b/.grype.yml
@@ -19,6 +19,12 @@ ignore:
   # https://github.com/anchore/grype/issues/1172
   - vulnerability: GHSA-xqr8-7jwr-rhp7
   - vulnerability: GHSA-7fh5-64p2-3v2j
-    # pip vulnerability, need to wait for the Python image to update to 23.x
-    # https://github.com/docker-library/python/blob/402b993af9ca7a5ee22d8ecccaa6197bfb957bc5/3.12/slim-bookworm/Dockerfile#L137
+  # pip vulnerability, need to wait for the Python image to update to 23.x
+  # https://github.com/docker-library/python/blob/402b993af9ca7a5ee22d8ecccaa6197bfb957bc5/3.12/slim-bookworm/Dockerfile#L137
   - vulnerability: GHSA-mq26-g339-26xf
+  # 11/14/2023 - Postgres vulnerabilities in the Debian image
+  - vulnerability: CVE-2023-39417
+  - vulnerability: CVE-2023-5869
+  - vulnerability: CVE-2023-39418
+  - vulnerability: CVE-2023-5868
+  - vulnerability: CVE-2023-5870
diff --git a/.trivyignore b/.trivyignore
@@ -7,4 +7,10 @@
 #  Issue:         Why there is a finding and why this is here or not been removed
 #  Last checked:  Date last checked in scans
 #The-CVE-or-vuln-id # Remove comment at start of line
-CVE-2023-5363
+CVE-2023-5363
+# 11/14/2023 - Postgres vulnerabilities in the Debian image
+CVE-2023-39417
+CVE-2023-5869
+CVE-2023-39418
+CVE-2023-5868
+CVE-2023-5870