Ignore guzzlehttp CVE in trivy scan #86

Merged
merged 1 commit into from
Jun 7, 2023

arturo-seijas
Collaborator

Ignore guzzlehttp CVE in trivy scan

@arturo-seijas arturo-seijas requested a review from a team as a code owner June 6, 2023 08:31
Collaborator

@yanksyoon yanksyoon left a comment

LGTM!

@jdkandersson
Contributor

What is the reason please?

@arturo-seijas
Collaborator Author

> What is the reason please?

Trivy is detecting a new vulnerability in one of WordPress' dependencies. We can't patch it; we'll need to update WordPress.

@gregory-schiano
Contributor

The build of the image still fails due to the snakeoil key, I think another ignore will have to be added :/

@amandahla
Contributor

The config file should be considered now, can you try it, please?
See aquasecurity/trivy-action#238

@arturo-seijas
Collaborator Author

> The config file should be considered now, can you try it, please? See aquasecurity/trivy-action#238

It hasn't :( I'll pin to the earlier version for now

@github-actions
Contributor

github-actions bot commented Jun 7, 2023

Test coverage for ff4f807

Name                Stmts   Miss Branch BrPart  Cover   Missing
---------------------------------------------------------------
src/charm.py          520     39    163     27    90%   203-206, 344-345, 557, 607, 667, 702-703, 753-759, 764, 866, 871-872, 944, 951, 1043, 1052, 1064, 1085, 1094, 1113, 1117, 1146, 1199, 1331, 1353, 1360->1362, 1401->exit, 1413, 1430-1432, 1450, 1459-1460
src/cos.py             15      0      0      0   100%
src/exceptions.py      17      1      2      1    89%   41
src/types_.py          15      0      0      0   100%
---------------------------------------------------------------
TOTAL                 567     40    165     28    90%

Static code analysis report

Run started:2023-06-07 14:54:27.847487

Test results:
  No issues identified.

Code scanned:
  Total lines of code: 4861
  Total lines skipped (#nosec): 4
  Total potential issues skipped due to specifically being disabled (e.g., #nosec BXXX): 0

Run metrics:
  Total issues (by severity):
  	Undefined: 0
  	Low: 0
  	Medium: 0
  	High: 0
  Total issues (by confidence):
  	Undefined: 0
  	Low: 0
  	Medium: 0
  	High: 0
Files skipped (0):

@amandahla
Contributor

My mistake, I saw the merge and then thought that it was related to the action :|

@arturo-seijas arturo-seijas merged commit 17ff391 into main Jun 7, 2023
@arturo-seijas arturo-seijas deleted the ignore-cves branch June 7, 2023 15:56
5 participants