Skip to content

Commit

Permalink
Merge pull request #6955 from SgtCoDFish/release-1.14-ignore-CVE-2020…
Browse files Browse the repository at this point in the history 
…-8559

[release-1.14] ignore trivy false positive CVE-2020-8559
  • Loading branch information
@cert-manager-prow
cert-manager-prow[bot] committed Apr 25, 2024
2 parents c1bc830 + b774723 commit 6a09152
Showing 1 changed file with 5 additions and 0 deletions.
5 changes: 5 additions & 0 deletions .trivyignore
View file
Original file line number Diff line number Diff line change
Expand Up @@ -12,3 +12,8 @@ CVE-2019-25210

# CVE-2024-24557 is a CVE in the docker CLI, which we're not using
CVE-2024-24557

# CVE-2020-8559 is a vuln in old Kubernetes versions which seems to be incorrectly flagged by trivy. It seems like
# the version detection is wrongly looking at apiserver packages with versions < 1 - but all apiserver packages have
# a major version of 0. In any case this is a vuln in Kubernetes clusters, not in our code.
CVE-2020-8559

0 comments on commit 6a09152

Please sign in to comment.