security: handle false positive OSV vulns in UBI images (#11436) (#11437)

Signed-off-by: Ryan Cragun <me@ryan.ec>
Co-authored-by: Ryan Cragun <me@ryan.ec>
Vault Automation 2025-12-17 13:16:28 -07:00 committed by GitHub
parent 4900cbfe1a
commit 49974cb486
No known key found for this signature in database
GPG key ID: B5690EEEBB952194


@ -32,6 +32,17 @@ container {
"CVE-2024-58251",
"GO-2022-0635", // github.com/aws/aws-sdk-go@v1.x
]
// The OSV scanner will trip on several packages that are included in the
// the UBI images. This is due to RHEL using the same base version in the
// package name for the life of the distro regardless of whether or not
// that version has been patched for security. Rather than enumate ever
// single CVE that the OSV scanner will find (several tens) we'll ignore
// the base UBI packages.
paths = [
"usr/lib/sysimage/rpm/*",
"var/lib/rpm/*",
]
}
}
}
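Review bot: The new `paths` exclusion silences every OSV finding under the RPM database directories, not only the backported-fix false positives the comment describes, so a genuinely unpatched RPM in the UBI base layer would also go unreported; the comment should state that trade-off and that UBI package status must be checked against vendor advisory data by some other means, so the next maintainer does not read the glob as a precise allowlist. The comment also has typos on the lines preceding `paths`: "the the UBI images" and "enumate ever single CVE" should read `// the UBI images.` and `// enumerate every single CVE`. I would add one closing sentence to the comment, `// NOTE: this hides all RPM-database findings, not just the known false positives.`, rather than widening or narrowing the globs, since the page does not show what finer-grained ignore options the scanner config supports. The enclosing `container` block starts outside the hunk.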