package trivy
# Default verdict: `ignore` evaluates to false unless a rule body for it
# succeeds, so a finding is not suppressed unless it is explicitly listed.
default ignore = false
# ignore_cve is the suppression table, keyed in three levels:
#   top-level label -> Go module path -> advisory IDs (CVE-* or GHSA-*).
# The top-level labels look like names of bundled tools (presumably the binary
# in which the module was reported; confirm against the scan targets).
# NOTE(review): entries record no justification, version bound or review date.
# Each ID should be re-checked when the corresponding tool is upgraded, and
# dropped once the module it ships is no longer affected.
ignore_cve := {
	"terraform-provider-aws": {
		"golang.org/x/crypto": ["CVE-2021-43565", "CVE-2022-27191", "CVE-2023-48795"],
		"golang.org/x/net": ["CVE-2022-27664", "CVE-2022-41723", "CVE-2023-39325", "CVE-2023-3978", "CVE-2023-44487"],
		"golang.org/x/sys": ["CVE-2022-29526"],
		"golang.org/x/text": ["CVE-2021-38561", "CVE-2022-32149"],
		"google.golang.org/grpc": ["GHSA-m425-mq94-257g", "CVE-2023-44487"],
	},
	"terraform-provider-azurerm": {
		"golang.org/x/crypto": ["CVE-2023-48795"],
		"golang.org/x/net": ["CVE-2023-39325", "CVE-2023-3978", "CVE-2023-44487"],
		"google.golang.org/grpc": ["GHSA-m425-mq94-257g", "CVE-2023-44487"],
	},
	"terraform-provider-google": {
		"golang.org/x/crypto": ["CVE-2023-48795"],
		"golang.org/x/net": ["CVE-2022-27664", "CVE-2022-41721", "CVE-2022-41723", "CVE-2023-39325", "CVE-2023-3978", "CVE-2023-44487"],
		"golang.org/x/text": ["CVE-2022-32149"],
		"google.golang.org/grpc": ["GHSA-m425-mq94-257g", "CVE-2023-44487"],
	},
	"terraform": {
		"golang.org/x/crypto": ["CVE-2023-48795"],
		"golang.org/x/net": ["CVE-2023-39325", "CVE-2023-3978", "CVE-2023-44487"],
		"google.golang.org/grpc": ["GHSA-m425-mq94-257g", "CVE-2023-44487"],
	},
	"terraformer": {
		"github.com/crewjam/saml": ["CVE-2023-45683"],
		"github.com/hashicorp/vault": ["CVE-2020-16250", "CVE-2021-32923", "CVE-2023-24999", "CVE-2023-5077", "CVE-2023-5954", "CVE-2021-38554", "CVE-2022-41316", "CVE-2023-0620", "CVE-2023-0665", "CVE-2023-2121", "CVE-2023-25000", "CVE-2023-3462"],
		"golang.org/x/crypto": ["CVE-2023-48795"],
		"golang.org/x/net": ["CVE-2023-39325", "CVE-2023-3978", "CVE-2023-44487"],
		"google.golang.org/grpc": ["GHSA-m425-mq94-257g", "CVE-2023-44487"],
	},
}
# ignore succeeds when input.VulnerabilityID appears in the ID list stored
# under input.PkgName in any top-level entry of ignore_cve.
# NOTE(review): the top-level key is iterated with a wildcard and is never
# compared with anything in input, so an ID listed for a module under one tool
# is suppressed for that module wherever it is reported. No version field of
# the finding is consulted either, so a listed ID stays suppressed across
# dependency changes until the table entry is removed.
ignore {
	listed_ids := ignore_cve[_][input.PkgName]
	listed_ids[_] == input.VulnerabilityID
}