dev: repository trivy warnings only megalinter config
trivy reporting CVE-2024-22871 which uses a serialisation approach described by the
Clojure documentation as an unsafe practice

CVE-2024-22871 is not considered a viable vulnerability

https://ask.clojure.org/index.php/13617/security-problems-command-execution-clojure-deserialization#c13628

  pom.xml (pom)
  =============
  Total: 1 (UNKNOWN: 0, LOW: 0, MEDIUM: 1, HIGH: 0, CRITICAL: 0)

  ┌─────────────────────┬────────────────┬──────────┬──────────┬───────────────────┬───────────────┬────────────────────────────────────────────┐
  │       Library       │ Vulnerability  │ Severity │  Status  │ Installed Version │ Fixed Version │                   Title                    │
  ├─────────────────────┼────────────────┼──────────┼──────────┼───────────────────┼───────────────┼────────────────────────────────────────────┤
  │ org.clojure:clojure │ CVE-2024-22871 │ MEDIUM   │ affected │ 1.11.1            │               │ Clojure Denial of Service vulnerability    │
  │                     │                │          │          │                   │               │ https://avd.aquasec.com/nvd/cve-2024-22871 │
  └─────────────────────┴────────────────┴──────────┴──────────┴───────────────────┴───────────────┴────────────────────────────────────────────┘

  resources/practicalli/service/root/pom.xml (pom)
  ================================================
  Total: 1 (UNKNOWN: 0, LOW: 0, MEDIUM: 1, HIGH: 0, CRITICAL: 0)

  ┌─────────────────────┬────────────────┬──────────┬──────────┬───────────────────┬───────────────┬────────────────────────────────────────────┐
  │       Library       │ Vulnerability  │ Severity │  Status  │ Installed Version │ Fixed Version │                   Title                    │
  ├─────────────────────┼────────────────┼──────────┼──────────┼───────────────────┼───────────────┼────────────────────────────────────────────┤
  │ org.clojure:clojure │ CVE-2024-22871 │ MEDIUM   │ affected │ 1.11.1            │               │ Clojure Denial of Service vulnerability    │
  │                     │                │          │          │                   │               │ https://avd.aquasec.com/nvd/cve-2024-22871 │
  └─────────────────────┴────────────────┴──────────┴──────────┴───────────────────┴───────────────┴────────────────────────────────────────────┘
practicalli-johnny committed Mar 2, 2024
1 parent 13ad7a5 commit 27a7e32
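As an added illustration (not part of this commit or the Practicalli project), the blanket MegaLinter setting introduced here is shown beside a narrower alternative that records only the accepted CVE in a Trivy ignore file, so any other Trivy finding still fails the run. It assumes Trivy picks up a `.trivyignore` file from the repository root, which is its default ignore-file location.

```yaml
# Option A (what this commit does): every Trivy finding, whatever its severity,
# is reported as a warning only. A future HIGH or CRITICAL CVE in pom.xml would
# not fail the MegaLinter run either.
REPOSITORY_TRIVY_DISABLE_ERRORS: true # Errors only as warnings

---
# Option B (illustrative alternative): keep Trivy findings fatal and accept the
# single reviewed CVE in a .trivyignore file at the repository root, with the
# reason and review link next to it so the accepted risk stays visible.
#
#   # .trivyignore
#   # Clojure deserialisation DoS; reviewed and accepted, see
#   # https://ask.clojure.org/index.php/13617/security-problems-command-execution-clojure-deserialization#c13628
#   CVE-2024-22871
REPOSITORY_TRIVY_DISABLE_ERRORS: false
```

Re-run Trivy locally against pom.xml after adding the ignore file and confirm the table reports 0 findings, while an unrelated test CVE id left out of the file is still reported as an error.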
Showing 5 changed files with 6 additions and 0 deletions.
1 change: 1 addition & 0 deletions .github/config/megalinter.yaml
@@ -45,6 +45,7 @@ MARKDOWN_REMARK_LINT_DISABLE_ERRORS: true
# MARKDOWN_MARKDOWN_TABLE_FORMATTER_DISABLE_ERRORS: false

REPOSITORY_TRUFFLEHOG_DISABLE_ERRORS: true # Errors only as warnings
REPOSITORY_TRIVY_DISABLE_ERRORS: true # Errors only as warnings

# SPELL_CSPELL_DISABLE_ERRORS: true
SPELL_MISSPELL_DISABLE_ERRORS: true
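Review bot: `REPOSITORY_TRIVY_DISABLE_ERRORS: true` downgrades every Trivy finding to a warning, not only CVE-2024-22871, so a future HIGH or CRITICAL result in either pom.xml would no longer fail the MegaLinter run; consider keeping errors enabled and listing the one accepted CVE in a `.trivyignore` file instead. The inline comment `# Errors only as warnings` would also be more useful if it carried the reason (the CVE id and the ask.clojure.org link from the commit message), so the accepted risk is recorded where the setting lives rather than only in the commit history.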
2 changes: 2 additions & 0 deletions CHANGELOG.md
@@ -3,6 +3,8 @@
All notable changes to this project will be documented in this file. This change log follows the conventions of [keepachangelog.com](http://keepachangelog.com/).

# [Unreleased]
## Changed
- dev: repository trivy warnings only megalinter config


# 2024-01-23
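Review bot: the new changelog line repeats the commit title but not why the change was made, so a reader of CHANGELOG.md cannot tell that CVE-2024-22871 in org.clojure:clojure 1.11.1 has been reviewed and accepted as not viable. Suggest extending the entry, e.g. `- dev: repository trivy warnings only megalinter config (CVE-2024-22871 accepted, see ask.clojure.org 13617)`, so the accepted risk is discoverable without reading the commit message.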
@@ -44,6 +44,7 @@ MARKDOWN_REMARK_LINT_DISABLE_ERRORS: true
# MARKDOWN_MARKDOWN_TABLE_FORMATTER_DISABLE_ERRORS: false

REPOSITORY_TRUFFLEHOG_DISABLE_ERRORS: true # Errors only as warnings
REPOSITORY_TRIVY_DISABLE_ERRORS: true # Errors only as warnings

# SPELL_CSPELL_DISABLE_ERRORS: true
SPELL_MISSPELL_DISABLE_ERRORS: true
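Review bot: this hunk and the two identical ones that follow add the same `REPOSITORY_TRIVY_DISABLE_ERRORS: true` line to three further MegaLinter configs whose file names are not shown in this view (the commit summary counts 5 files and 6 additions, which matches). If these are template copies, every project generated from them inherits the warnings-only Trivy setting, so the comment on the earlier hunk applies here too: whichever option is chosen, blanket disable or a targeted `.trivyignore` entry for CVE-2024-22871, it should be applied consistently across all copies, and the paths of these three files should be confirmed before merging.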
@@ -44,6 +44,7 @@ MARKDOWN_REMARK_LINT_DISABLE_ERRORS: true
# MARKDOWN_MARKDOWN_TABLE_FORMATTER_DISABLE_ERRORS: false

REPOSITORY_TRUFFLEHOG_DISABLE_ERRORS: true # Errors only as warnings
REPOSITORY_TRIVY_DISABLE_ERRORS: true # Errors only as warnings

# SPELL_CSPELL_DISABLE_ERRORS: true
SPELL_MISSPELL_DISABLE_ERRORS: true
@@ -44,6 +44,7 @@ MARKDOWN_REMARK_LINT_DISABLE_ERRORS: true
# MARKDOWN_MARKDOWN_TABLE_FORMATTER_DISABLE_ERRORS: false

REPOSITORY_TRUFFLEHOG_DISABLE_ERRORS: true # Errors only as warnings
REPOSITORY_TRIVY_DISABLE_ERRORS: true # Errors only as warnings

# SPELL_CSPELL_DISABLE_ERRORS: true
SPELL_MISSPELL_DISABLE_ERRORS: true

0 comments on commit 27a7e32