Adds .trivyignore and use it in the scan (#1520)
Signed-off-by: Marinov Avgustin <Avgustin.Marinov@bosch.com>
This commit is contained in:
Avgustin Marinov
5
.github/workflows/.trivyignore
vendored
Normal file
5
.github/workflows/.trivyignore
vendored
Normal file
@@ -0,0 +1,5 @@
|
||||
# org.springframework:spring-web:5.3.31.RELEASE, ineffective vulnerability - hawkBit doesn't use beans of type HttpInvokerServiceExporter in applications
|
||||
CVE-2016-1000027
|
||||
|
||||
# org.yaml:snakeyaml:1.33, ineffective vulnerability - Not applicable. Applications does not consume user-provided YAML data
|
||||
CVE-2022-1471
|
||||
Reference in New Issue
Block a user