sourcegraph/.trivyignore at main - sourcegraph - Gitea: Git with a cup of tea

artin/sourcegraph

mirror of https://github.com/sourcegraph/sourcegraph.git synced 2026-02-06 09:11:56 +00:00

Keegan Carruthers-Smith 51f22f89ed

ci: ignore benign CVE-2021-43816 in prometheus (#31069 )

This is not exploitable due to how prometheus uses containerd. So we can
remove the trivy reports for it.

Test Plan: main dry run to see if report goes away.

2022-02-11 16:49:10 +00:00

9 lines

319 B

Plaintext

Raw Permalink Blame History

 # github.com/containerd/containerd use in prometheus does not allow
 # explotation of the CVE. Prometheus has an open PR to update the dependency:
 # https://github.com/prometheus/prometheus/pull/10282
 # Documentation for false-positive report
 # https://github.com/sourcegraph/security-issues/issues/218
 CVE-2021-43816