ci: ignore CVE-2024-0567 and CVE-2023-5981 to fix ci (#506)
Signed-off-by: Xander Grzywinski <xandergrzyw@gmail.com>
Signed-off-by: Sertac Ozercan <sozercan@gmail.com>
Co-authored-by: Sertac Ozercan <sozercan@gmail.com>
salaxander and sozercan committed Feb 17, 2024
1 parent 2f621d1 commit 5274edf
Showing 2 changed files with 7 additions and 3 deletions.
8 changes: 6 additions & 2 deletions integration/fixtures/trivy_ignore.rego
Expand Up @@ -6,11 +6,15 @@ default ignore = false

# Ignore the following Vulnerability IDs
ignore_vulnerability_ids := {
# centos 7.6.1810
# docker.io/library/centos:7.6.1810
# bind-license package version "9.11.4-26.P2.el7_9.15" does not exist
"CVE-2023-3341",
# libssh2 package version "1.8.0-4.el7_9.1" does not exist yet
"CVE-2020-22218"
"CVE-2020-22218",

# docker.io/library/nginx:1.21.6
# debian db bug since there's no libgnutls30 3.7.1-5+deb11u5
"CVE-2024-0567", "CVE-2023-5981"
}

# For ignoring vulnID
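Review bot: The new entries `"CVE-2024-0567", "CVE-2023-5981"` are added to a set keyed on vulnerability ID alone, so the `# docker.io/library/nginx:1.21.6` comment above them is documentation only and does not limit the suppression to that image. If the rule after `# For ignoring vulnID` matches purely on ID, these two gnutls findings are dropped for every image the integration fixtures scan, including ones where a fixed `libgnutls30` does exist. Consider scoping the ignore to the package or image, and add a link to the upstream Debian data issue next to the "debian db bug" comment so the entries can be removed once `3.7.1-5+deb11u5` is resolvable. Minor style point: the existing entries are one ID per line with their own reason comment, and the new line puts two IDs on one line.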
2 changes: 1 addition & 1 deletion integration/patch_test.go
Expand Up @@ -173,7 +173,7 @@ func patch(t *testing.T, ref, patchedTag, path string, ignoreErrors bool) {
"-t="+patchedTag,
"-r="+path+"/scan.json",
"-s="+scannerPlugin,
"--timeout=20m",
"--timeout=30m",
addrFl,
"--ignore-errors="+strconv.FormatBool(ignoreErrors),
"--output="+path+"/vex.json",
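Review bot: The change to `"--timeout=30m"` in `patch()` is not mentioned in the commit title, which only covers the two ignored CVEs, and nothing in the hunk says why 20m was no longer enough. A longer hard-coded timeout can hide a slowdown in the patch step rather than surface it, so please state the reason in the commit message or a comment beside the flag, and consider lifting the value into a named constant so a future change is made in one place.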