Triaging FPs for lifecycle (#4949)

Signed-off-by: Dan Luhring <dluhring@chainguard.dev>
wolfi-dev · May 16, 2024 · e6fceca · e6fceca
1 parent 90822f1
commit e6fceca
Show file tree

Hide file tree

Showing 7 changed files with 50 additions and 0 deletions.
diff --git a/calico.advisories.yaml b/calico.advisories.yaml
@@ -30,6 +30,11 @@ advisories:
             componentType: go-module
             componentLocation: /usr/bin/calico-filecheck
             scanner: grype
+      - timestamp: 2024-05-16T16:18:19Z
+        type: false-positive-determination
+        data:
+          type: vulnerable-code-version-not-used
+          note: This vulnerbility affects versions 3.14.0 and below, but the installed commit corresponds to version 3.28.0.
 
   - id: CVE-2020-8552
     aliases:

diff --git a/coredns.advisories.yaml b/coredns.advisories.yaml
@@ -20,6 +20,11 @@ advisories:
             componentType: go-module
             componentLocation: /usr/bin/coredns
             scanner: grype
+      - timestamp: 2024-05-16T16:35:15Z
+        type: false-positive-determination
+        data:
+          type: vulnerable-code-version-not-used
+          note: This vulnerability affects versions < 1.9.3, but the installed commit corresponds to version 1.11.3.
 
   - id: CVE-2022-2837
     aliases:
@@ -37,6 +42,11 @@ advisories:
             componentType: go-module
             componentLocation: /usr/bin/coredns
             scanner: grype
+      - timestamp: 2024-05-16T16:34:18Z
+        type: false-positive-determination
+        data:
+          type: vulnerable-code-version-not-used
+          note: This vulnerability affects versions < 1.9.3, but the installed commit corresponds to version 1.11.3.
 
   - id: CVE-2023-39325
     aliases:
@@ -187,6 +197,11 @@ advisories:
             componentType: go-module
             componentLocation: /usr/bin/coredns
             scanner: grype
+      - timestamp: 2024-05-16T16:36:10Z
+        type: false-positive-determination
+        data:
+          type: vulnerable-code-version-not-used
+          note: This vulnerability affects versions < 1.11.2, but the installed commit corresponds to version 1.11.3.
 
   - id: CVE-2024-22189
     aliases:

diff --git a/ingress-nginx-controller.advisories.yaml b/ingress-nginx-controller.advisories.yaml
@@ -20,6 +20,11 @@ advisories:
             componentType: go-module
             componentLocation: /usr/bin/nginx-ingress-controller
             scanner: grype
+      - timestamp: 2024-05-16T16:22:57Z
+        type: false-positive-determination
+        data:
+          type: vulnerable-code-version-not-used
+          note: This vulnerability affects versions < 1.5, but the installed commit corresponds to version 1.10.1.
 
   - id: CVE-2020-8553
     aliases:
@@ -37,6 +42,11 @@ advisories:
             componentType: go-module
             componentLocation: /usr/bin/nginx-ingress-controller
             scanner: grype
+      - timestamp: 2024-05-16T16:21:20Z
+        type: false-positive-determination
+        data:
+          type: vulnerable-code-version-not-used
+          note: This vulnerability affects versions < 0.28.0, but the installed commit corresponds to version 1.10.1.
 
   - id: CVE-2021-25745
     aliases:

diff --git a/istio-cni-1.21.advisories.yaml b/istio-cni-1.21.advisories.yaml
@@ -108,6 +108,11 @@ advisories:
             componentType: go-module
             componentLocation: /usr/bin/istio-cni
             scanner: grype
+      - timestamp: 2024-05-16T16:31:51Z
+        type: false-positive-determination
+        data:
+          type: vulnerable-code-version-not-used
+          note: This vulnerability affects versions < 1.14.1, but the installed commit corresponds to version 1.21.2.
 
   - id: CVE-2023-45288
     aliases:

diff --git a/istio-operator-1.21.advisories.yaml b/istio-operator-1.21.advisories.yaml
@@ -147,6 +147,11 @@ advisories:
             componentType: go-module
             componentLocation: /usr/bin/operator
             scanner: grype
+      - timestamp: 2024-05-16T16:30:11Z
+        type: false-positive-determination
+        data:
+          type: vulnerable-code-version-not-used
+          note: This vulnerability affects versions < 1.14.1, but the installed commit corresponds to version 1.21.2.
 
   - id: CVE-2023-45288
     aliases:

diff --git a/istio-pilot-agent-1.21.advisories.yaml b/istio-pilot-agent-1.21.advisories.yaml
@@ -108,6 +108,11 @@ advisories:
             componentType: go-module
             componentLocation: /usr/bin/pilot-agent
             scanner: grype
+      - timestamp: 2024-05-16T16:30:42Z
+        type: false-positive-determination
+        data:
+          type: vulnerable-code-version-not-used
+          note: This vulnerability affects versions < 1.14.1, but the installed commit corresponds to version 1.21.2.
 
   - id: CVE-2023-45288
     aliases:

diff --git a/istio-pilot-discovery-1.21.advisories.yaml b/istio-pilot-discovery-1.21.advisories.yaml
@@ -108,6 +108,11 @@ advisories:
             componentType: go-module
             componentLocation: /usr/bin/pilot-discovery
             scanner: grype
+      - timestamp: 2024-05-16T16:31:10Z
+        type: false-positive-determination
+        data:
+          type: vulnerable-code-version-not-used
+          note: This vulnerability affects versions < 1.14.1, but the installed commit corresponds to version 1.21.2.
 
   - id: CVE-2023-45288
     aliases: