github.com/Racer159/jackal@v0.32.7-0.20240401174413-0bd2339e4f2e/.grype.yaml (about) 1 # Ignore file for false positives from protobuf, see the following for more information: 2 # https://github.com/anchore/grype/issues/558 3 ignore: 4 # This vulnerability does not affect Jackal as we do not instantiate a rekor client 5 - vulnerability: GHSA-2h5h-59f5-c5x9 6 7 # This vulnerability does not affect Jackal as we do not instantiate a rekor client 8 - vulnerability: GHSA-frqx-jfcm-6jjr 9 10 # From rouille - The Jackal injector does not expose endpoints that use multipart form data 11 - vulnerability: GHSA-mc8h-8q98-g5hr 12 13 # From semver - This comes through nodemon which is only used for development 14 - vulnerability: GHSA-c2qf-rxjj-qqgw 15 16 # From k8s.io/apiserver - This is a false positive due to the difference in versioning between the library / binary k8s versioning 17 - vulnerability: GHSA-82hx-w2r5-c2wq 18 19 # From helm - This behavior was introduced intentionally, and cannot be removed without breaking backwards compatibility (some users may be relying on these values). 20 - vulnerability: GHSA-jw44-4f3j-q396