1.15.x - Clear .trivyignore file (#9536)
Showing 2 changed files with 6 additions and 28 deletions.
@@ -1,28 +1 @@ | ||
# emicklei/go-restful - Authorization Bypass Through User-Controlled Key | ||
# This should be fixed in v2's 2.16.0, although talks were undergoing about why this still shows up as an issue. | ||
# https://github.com/emicklei/go-restful/pull/503 | ||
CVE-2022-1996 | ||
|
||
# These CVEs only impacts install of Gloo-Edge from Glooctl CLI. | ||
# Also Helm module is used in testing, which has no impact on exploitation. | ||
# Gloo-Edge data and control planes are not impacted at all by the helm module. | ||
# Glooctl is not a long running program, and does not affect future uses of Glooctl. | ||
# https://github.com/solo-io/gloo/issues/7598 | ||
# https://github.com/helm/helm/security/advisories/GHSA-6rx9-889q-vv2r | ||
CVE-2022-23524 | ||
# https://github.com/helm/helm/security/advisories/GHSA-53c4-hhmh-vw5q | ||
CVE-2022-23525 | ||
# https://github.com/helm/helm/security/advisories/GHSA-67fx-wx78-jx33 | ||
CVE-2022-23526 | ||
|
||
# https://nvd.nist.gov/vuln/detail/CVE-2022-41721 | ||
# Ignore this vulnerability; it does not affect the gateway-proxy image. | ||
# No handlers exposed by the control plane fall victim to this attack | ||
# because we do not use the maxBytesHandler | ||
CVE-2022-41721 | ||
|
||
# https://github.com/distribution/distribution/security/advisories/GHSA-hqxw-f8mx-cpmw | ||
# This CVE has not yet been patched in the kubectl version we are using, however it should not | ||
# affect us as kubernetes does not use the affected code path (see description in | ||
# https://github.com/kubernetes/kubernetes/pull/118036). | ||
CVE-2023-2253 | ||
# This file is only meaningful in the `main` branch |
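Review bot: the retained comment on the last line says the file is only meaningful in `main`, but the deleted lines carried the only written rationale for accepting CVE-2022-1996, CVE-2022-23524/23525/23526, CVE-2022-41721 and CVE-2023-2253 (the go-restful PR, the helm advisories, the kubernetes PR, and the glooctl-only scope of the helm issues). Before merging, confirm that no scan job on the 1.15.x branch actually reads this `.trivyignore`, since emptying it will make every one of those findings reappear for any scan that does; and consider extending the comment to say where the authoritative entries and their justifications live, e.g. `# Ignore entries and their rationale are maintained only in the main branch .trivyignore`, so a reader of this branch is not left without the history of why these CVEs were accepted.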
@@ -0,0 +1,5 @@ | ||
changelog: | ||
- type: NON_USER_FACING | ||
description: >- | ||
Remove contents of `.trivyignore` file to avoid confusion, as only the main branch `.trivyignore` file is used in security scans. | ||
skipCI-kube-tests:true |
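Review bot: `skipCI-kube-tests:true` on the last line has no space after the colon, so a YAML loader reads it as the plain scalar `skipCI-kube-tests:true` rather than as a key set to `true`; if the CI gate matches that literal token this is intended, otherwise it should read `skipCI-kube-tests: true` and sit at the indentation of the other entry fields. The description could also name the scan workflow that consumes only the `main` branch `.trivyignore`, since that is the premise justifying the deletion in the first file and the changelog is where a release reader will look for it.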