github.com/Racer159/jackal@v0.32.7-0.20240401174413-0bd2339e4f2e/.grype.yaml (about)

# Ignore file for false positives from protobuf, see the following for more information:
#   https://github.com/anchore/grype/issues/558
# NOTE(review): none of the rationales below mention protobuf, so this header looks stale - confirm and update.
#
# Every rule below matches on the advisory ID alone, so the finding is suppressed wherever
# grype reports it with this config, not only for the dependency named in the comment.
# Consider narrowing each rule with grype's `package:` matcher (name / version / type) so a
# suppression does not silently carry over to a different package or a later version.
# The rationales describe how Jackal uses a dependency, which a scanner cannot verify:
# re-check them when the relevant code or dependency changes.
ignore:
  # This vulnerability does not affect Jackal as we do not instantiate a rekor client
  # NOTE(review): holds only while no code path creates a rekor client - revisit if that changes.
  - vulnerability: GHSA-2h5h-59f5-c5x9

  # This vulnerability does not affect Jackal as we do not instantiate a rekor client
  # NOTE(review): same assumption as the entry above.
  - vulnerability: GHSA-frqx-jfcm-6jjr

  # From rouille - The Jackal injector does not expose endpoints that use multipart form data
  # NOTE(review): revisit if the injector gains an endpoint that parses multipart form data.
  - vulnerability: GHSA-mc8h-8q98-g5hr

  # From semver - This comes through nodemon which is only used for development
  # NOTE(review): presumably nodemon is absent from shipped artifacts - confirm against a scan of the release build.
  - vulnerability: GHSA-c2qf-rxjj-qqgw

  # From k8s.io/apiserver - This is a false positive due to the difference in versioning between the library / binary k8s versioning
  # NOTE(review): a version-matching false positive; re-test after grype or k8s.io/apiserver upgrades and drop the rule once it no longer fires.
  - vulnerability: GHSA-82hx-w2r5-c2wq

  # From helm - This behavior was introduced intentionally, and cannot be removed without breaking backwards compatibility (some users may be relying on these values).
  # NOTE(review): unlike the entries above, this reads as an accepted risk rather than a false positive - state whether Jackal itself is exposed and who accepted it.
  - vulnerability: GHSA-jw44-4f3j-q396