Waive 3 Go code scanning vulnerability alerts. (#18007)

Waiving 3 Go code scanning alerts flagged by osv-scanner.
fleetdm · Apr 3, 2024 · 746309c · 746309c
1 parent 1d80aa7
commit 746309c
Show file tree

Hide file tree

Showing 3 changed files with 22 additions and 0 deletions.
diff --git a/osv-scanner.toml b/osv-scanner.toml
@@ -0,0 +1,10 @@
+# Configure OSV-Scanner
+# https://google.github.io/osv-scanner/configuration/
+
+[[IgnoredVulns]]
+id = "GO-2022-0646"
+reason = "2024/04/02 - This project does not use github.com/aws/aws-sdk-go/service/s3/s3crypto. Reference: https://osv.dev/vulnerability/GO-2022-0646"
+
+[[IgnoredVulns]]
+id = "GO-2023-1788"
+reason = "2024/04/02 - When packaging linux files, we do not use global permissions. Manually verified that packed fleet-osquery files do not have group/global write permissions. Reference: https://osv.dev/vulnerability/GO-2023-1788"
diff --git a/terraform/addons/monitoring/lambda/osv-scanner.toml b/terraform/addons/monitoring/lambda/osv-scanner.toml
@@ -0,0 +1,6 @@
+# Configure OSV-Scanner
+# https://google.github.io/osv-scanner/configuration/
+
+[[IgnoredVulns]]
+id = "GO-2022-0646"
+reason = "2024/04/02 - This project does not use github.com/aws/aws-sdk-go/service/s3/s3crypto. Reference: https://osv.dev/vulnerability/GO-2022-0646"
diff --git a/tools/blackhat-mdm/mdm_server_poc/osv-scanner.toml b/tools/blackhat-mdm/mdm_server_poc/osv-scanner.toml
@@ -0,0 +1,6 @@
+# Configure OSV-Scanner
+# https://google.github.io/osv-scanner/configuration/
+
+[[IgnoredVulns]]
+id = "GO-2023-2402"
+reason = "2024/04/02 - This is not production code."