mirror of
https://github.com/kemko/nomad.git
synced 2026-01-01 16:05:42 +03:00
3ab1673552
The vulnerability has been withdrawn but it may be a while until it is removed from the DB used by scanning. Suppressing this removes the false result in scanning processes. The change should be reverted once the DB is updated.
59 lines
1.5 KiB
HCL
59 lines
1.5 KiB
HCL
# Copyright (c) HashiCorp, Inc.
|
|
# SPDX-License-Identifier: BUSL-1.1
|
|
|
|
# Configuration for security scanner.
|
|
# Run on PRs and pushes to `main` and `release/**` branches.
|
|
# See .github/workflows/security-scan.yml for CI config.
|
|
|
|
# To run manually, install scanner and then run `scan repository .`
|
|
|
|
# Scan results are triaged via the GitHub Security tab for this repo.
|
|
# See `security-scanner` docs for more information on how to add `triage` config
|
|
# for specific results or to exclude paths.
|
|
|
|
# This file controls scanning the repository only, not release artifacts. See
|
|
# .release/security-scan.hcl for the scanner config for release artifacts, which
|
|
# will block releases.
|
|
|
|
repository {
|
|
go_modules = true
|
|
npm = true
|
|
osv = true
|
|
go_stdlib_version_file = ".go-version"
|
|
|
|
secrets {
|
|
all = true
|
|
skip_path_strings = ["/website/content/"]
|
|
}
|
|
|
|
github_actions {
|
|
pinned_hashes = true
|
|
}
|
|
|
|
dependabot {
|
|
required = true
|
|
check_config = true
|
|
}
|
|
|
|
dockerfile {
|
|
pinned_hashes = true
|
|
curl_bash = true
|
|
}
|
|
|
|
# Triage items that are _safe_ to ignore here. Note that this list should be
|
|
# periodically cleaned up to remove items that are no longer found by the scanner.
|
|
triage {
|
|
suppress {
|
|
vulnerabilities = [
|
|
"GO-2025-3543", // github.com/opencontainers/runc TODO(jrasell): remove once withdrawn from DBs.
|
|
]
|
|
paths = [
|
|
"ui/tests/*",
|
|
"internal/testing/*",
|
|
"testutil/*",
|
|
"website/content/*",
|
|
]
|
|
}
|
|
}
|
|
}
|