forked from hashicorp/consul-k8s
-
Notifications
You must be signed in to change notification settings - Fork 0
/
scan.hcl
47 lines (40 loc) · 1.38 KB
/
scan.hcl
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
# Copyright (c) HashiCorp, Inc.
# SPDX-License-Identifier: MPL-2.0
# Configuration for security scanner.
# Run on PRs and pushes to `main` and `release/**` branches.
# See .github/workflows/security-scan.yml for CI config.
# To run manually, install scanner and then run `scan repository .`
# Scan results are triaged via the GitHub Security tab for this repo.
# See `security-scanner` docs for more information on how to add `triage` config
# for specific results or to exclude paths.
# .release/security-scan.hcl controls scanner config for release artifacts, which
# unlike the scans configured here, will block releases in CRT.
repository {
go_modules = true
npm = true
osv = true
secrets {
all = true
}
triage {
suppress {
paths = [
# Ignore test and local tool modules, which are not included in published
# artifacts.
"acceptance/*",
"hack/*",
]
vulnerabilites = [
# NET-8174 (2024-02-20): Chart YAML path traversal (not impacted)
"GHSA-v53g-5gjp-272r",
"GO-2024-2554", # alias
"CVE-2024-25620", # alias
# NET-8174 (2024-02-26): Missing YAML Content Leads To Panic (requires malicious plugin)
"GHSA-r53h-jv2g-vpx6",
"CVE-2024-26147", # alias
"GHSA-jw44-4f3j-q396", # Tracked in NET-8174
"CVE-2019-25210" # alias
]
}
}
}