mirror of
https://github.com/kemko/nomad.git
synced 2026-01-01 16:05:42 +03:00
2d771f0f10
* security: bypass scan for GO-2025-3829 This report is unverified by upstream and has no release fixing it. In any case, this problem with firewalld doesn't impact Nomad's use of the dependency as a library, only the uses of it in `dockerd`. Bypass it from our scans for now. Ref: https://github.com/moby/moby/releases/tag/v28.3.3 Ref: https://pkg.go.dev/vuln/GO-2025-3829 * Update .release/security-scan.hcl Co-authored-by: Deniz Onur Duzgun <59659739+dduzgun-security@users.noreply.github.com> --------- Co-authored-by: Deniz Onur Duzgun <59659739+dduzgun-security@users.noreply.github.com>
39 lines
1.0 KiB
HCL
39 lines
1.0 KiB
HCL
# Copyright (c) HashiCorp, Inc.
|
|
# SPDX-License-Identifier: BUSL-1.1
|
|
|
|
container {
|
|
local_daemon = true
|
|
|
|
secrets {
|
|
all = true
|
|
skip_path_strings = ["/website/content/"]
|
|
}
|
|
|
|
dependencies = true
|
|
alpine_security = true
|
|
}
|
|
|
|
binary {
|
|
go_modules = true
|
|
osv = true
|
|
go_stdlib = true
|
|
nvd = false
|
|
|
|
secrets {
|
|
all = true
|
|
skip_path_strings = ["/website/content/"]
|
|
}
|
|
|
|
# Triage items that are _safe_ to ignore here. Note that this list should be
|
|
# periodically cleaned up to remove items that are no longer found by the scanner.
|
|
triage {
|
|
suppress {
|
|
vulnerabilities = [
|
|
"GO-2022-0635", // github.com/aws/aws-sdk-go@v1.55.6 TODO(jrasell): remove when dep updated.
|
|
"GO-2025-3543", // github.com/opencontainers/runc TODO(jrasell): remove once withdrawn from DBs.
|
|
"GO-2025-3829", // https://github.com/moby/moby/releases/tag/v28.3.3 TODO(tgross): remove once verified, updated or withdrawn https://pkg.go.dev/vuln/GO-2025-3829
|
|
]
|
|
}
|
|
}
|
|
}
|