feat: ignore private-key rule for opensearch

canonical · Aug 3, 2023 · 779d096 · 779d096
1 parent 3cf9fb5
commit 779d096
Showing 1 changed file with 16 additions and 1 deletion.
diff --git a/oci/charmed-opensearch/.trivyignore b/oci/charmed-opensearch/.trivyignore
@@ -1,3 +1,18 @@
+# CVEs in upstream
+
+# com.google.guava:guava:30.0-jre (insecure temporary directory creation), used in:
+# - opensearch-alerting
+# - opensearch-knn
 CVE-2023-2976
+
+# io.grpc:grpc-protobuf:1.52.1 (reachable assertion), impacting:
+# - performance-analyzer-rca
 CVE-2023-1428
-CVE-2023-32731
+
+# io.grpc:grpc-protobuf:1.52.1 (sensitive information disclosure) impacting:
+# - performance-analyzer-rca
+CVE-2023-32731
+
+# Ignore these rules
+# Due to a demo scripts that uses some harmless test keys
+private-key