Commit

security: triage false positive for go-jose/v3
Per https://osv.dev/vulnerability/GO-2024-2631 this vulnerability is not
present in the version currently used (go-jose/v3@3.0.3).
zalimeni committed Mar 26, 2024
1 parent d7f2563 commit c8d6b25
Showing 2 changed files with 22 additions and 0 deletions.
11 changes: 11 additions & 0 deletions .release/security-scan.hcl
Expand Up @@ -67,4 +67,15 @@ binary {
]
}
}

# Triage items that are _safe_ to ignore here. Note that this list should be
# periodically cleaned up to remove items that are no longer found by the scanner.
triage {
suppress {
# N.b. `vulnerabilites` is the correct spelling for this tool.
vulnerabilites = [
"GO-2024-2631", # go-jose/v3@v3.0.3 (false positive)
]
}
}
}
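
Review bot: The new entry in `vulnerabilites` records only the ID and "(false positive)", so the evidence for the decision, the OSV link given in the commit message, is not visible to anyone reading the file. Suggest carrying the link and the reason in the inline comment, for example `"GO-2024-2631", # not present in go-jose/v3@v3.0.3, see https://osv.dev/vulnerability/GO-2024-2631`. The entry is keyed by ID and mentions the version only in a comment, so it is also worth stating that the suppression must be re-checked whenever the go-jose version changes.
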
11 changes: 11 additions & 0 deletions scan.hcl
Expand Up @@ -22,4 +22,15 @@ repository {
secrets {
all = true
}

# Triage items that are _safe_ to ignore here. Note that this list should be
# periodically cleaned up to remove items that are no longer found by the scanner.
triage {
suppress {
# N.b. `vulnerabilites` is the correct spelling for this tool.
vulnerabilites = [
"GO-2024-2631", # go-jose/v3@v3.0.3 (false positive)
]
}
}
}
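
Review bot: The `triage` block here duplicates, line for line, the one added to .release/security-scan.hcl, so the two suppression lists can drift when one is cleaned up and the other is not. Suggest adding a comment in each file that names the other (for example "keep in sync with .release/security-scan.hcl"), so the periodic cleanup the comment asks for covers both lists and a stale suppression does not survive in one of them.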
