Skip to content

Commit

Permalink
Add .grype.yaml to ignore known non-impactful CVEs (#923)
Browse files Browse the repository at this point in the history 
Signed-off-by: Natalie Arellano <narellano@vmware.com>

Signed-off-by: Natalie Arellano <narellano@vmware.com>
  • Loading branch information
@natalieparellano
natalieparellano authored Oct 10, 2022
1 parent 798b728 commit e6cf04c
Showing 1 changed file with 5 additions and 0 deletions.
5 changes: 5 additions & 0 deletions .grype.yaml
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,5 @@
ignore:
- vulnerability: CVE-2015-5237 # false positive, see https://github.com/anchore/grype/issues/558
- vulnerability: CVE-2021-22570 # false positive, see https://github.com/anchore/grype/issues/558
- vulnerability: GHSA-f3fp-gc8g-vw66 # can't update github.com/opencontainers/runc until it is updated in github.com/docker/docker
- vulnerability: GHSA-v95c-p5hm-xq8f # can't update github.com/opencontainers/runc until it is updated in github.com/docker/docker

0 comments on commit e6cf04c

Please sign in to comment.