forked from ministryofjustice/visit-scheduler
.trivyignore
# WARNING - THIS FILE WAS GENERATED BY THE dps-gradle-spring-boot GRADLE PLUGIN
# AND ANY MANUAL CHANGES WILL BE OVERRIDDEN ON YOUR NEXT BUILD.
#
# To make general changes to the suppressions below, change the gradle plugin dps-gradle-spring-boot,
# publish a new version and update to the new version in your gradle build script
#
# To stop the dps-gradle-spring-boot project from overwriting any project specific customisations here, remove the
# warning at the top of this file.
#
# Suppression for snakeyaml 1.30 vulnerability as bundled with application insights so can't be upgraded easily
# Can be suppressed as we don't parse untrusted yaml
CVE-2022-25857
CVE-2022-38751
# Suppression for snakeyaml 1.31 vulnerability as not fixed yet
# Can be suppressed as we don't parse untrusted yaml
CVE-2022-38752
# Suppression for jackson databind 2.13.4 as no release for it yet
# Can be suppressed as UNWRAP_SINGLE_VALUE_ARRAYS is not enabled
CVE-2022-42003
# Suppression for jackson databind 2.13.3 as bundled with application insights
# Can be suppressed as we don't parse untrusted json in application insights
CVE-2022-42004