This repository has been archived by the owner on Sep 18, 2024. It is now read-only.
forked from HHS/simpler-grants-gov
.grype.yml
# List of vulnerabilities to ignore for the Anchore scan
# https://github.com/anchore/grype#specifying-matches-to-ignore
# More info can be found in the docs/infra/vulnerability-management.md file
# Please add safelists in the following format to make it easier when checking
# Package/module name: URL to vulnerability for checking updates
# Versions: URL to the version history
# Dependencies: Name of any other packages or modules that are dependent on this version
# Link to the dependencies for ease of checking for updates
# Issue: Why there is a finding and why this entry is here or has not been removed
# Last checked: Date last checked in scans
# - vulnerability: The-CVE-or-vuln-id # Remove comment at start of line
ignore:
# These rules ignore every finding whose fix state matches one of the values below,
# so only findings with an available fix are reported
- fix-state: not-fixed
- fix-state: wont-fix
- fix-state: unknown
# Golang vulnerabilities inside a Python Docker image. Both originate from lower-level packages within the GitHub CLI:
# https://github.com/cli/cli/blob/trunk/go.mod#L101
# https://github.com/cli/cli/blob/trunk/go.mod#L161
- vulnerability: GHSA-4v7x-pqxf-cx7m
- vulnerability: GHSA-v6v8-xj6m-xwqh
# https://github.com/anchore/grype/issues/1172
- vulnerability: GHSA-xqr8-7jwr-rhp7
- vulnerability: GHSA-7fh5-64p2-3v2j
# pip vulnerability, need to wait for the Python image to update to 23.x
# https://github.com/docker-library/python/blob/402b993af9ca7a5ee22d8ecccaa6197bfb957bc5/3.12/slim-bookworm/Dockerfile#L137
- vulnerability: GHSA-mq26-g339-26xf
# 11/14/2023 - Postgres vulnerabilities in the Debian image
- vulnerability: CVE-2023-39417
- vulnerability: CVE-2023-5869
- vulnerability: CVE-2023-39418
- vulnerability: CVE-2023-5868
- vulnerability: CVE-2023-5870