#892: Filtered out Linux Kernel related CVE's (#420)
Related to exasol/script-languages-release#892. Also removed old (outdated) CVEs from the ignore list.
Showing
10 changed files
with
37 additions
and
132 deletions.
@@ -1,41 +0,0 @@ | ||
#bug in trivy, no idea when a new debian package will be released (https://github.com/aquasecurity/trivy/issues/1680) | ||
CVE-2021-43816 | ||
#The following CVEs affect kernel, no issue for container | ||
CVE-2022-0847 | ||
CVE-2022-0001 | ||
CVE-2022-0002 | ||
CVE-2022-1015 | ||
CVE-2022-23960 | ||
CVE-2022-25636 | ||
CVE-2022-43945 | ||
CVE-2023-3611 | ||
CVE-2023-3776 | ||
CVE-2023-3609 | ||
CVE-2023-4622 | ||
CVE-2023-4623 | ||
CVE-2023-4921 | ||
CVE-2024-26583 | ||
CVE-2024-26828 | ||
CVE-2024-26865 | ||
CVE-2024-26585 | ||
CVE-2023-52433 | ||
CVE-2024-26642 | ||
CVE-2024-26643 | ||
CVE-2024-26800 | ||
CVE-2024-26921 | ||
CVE-2024-26923 | ||
CVE-2024-26924 | ||
CVE-2024-26925 | ||
CVE-2024-27397 | ||
# CVE-2023-20569 does not have a fix and is a problem of host system (amd cpus) | ||
CVE-2023-20569 | ||
#CVE-2022-23648 is a bug in containerd, not issue for containers | ||
CVE-2022-23648 | ||
#issue in cgroups, but no threat for ScriptLanguageContainer | ||
CVE-2022-0492 | ||
# CVE-2022-27191 is an issue in Go. Which will be installed only together with Trivy. | ||
CVE-2022-27191 | ||
# CVE-2022-23960 affects only ARM architectures | ||
CVE-2022-23960 | ||
# We ignore CVE-2023-38325, because cryptography 41.0.3 is currently not available on conda, https://github.com/conda-forge/cryptography-feedstock/issues/122 | ||
CVE-2023-38325 | ||
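--- a/flavors/template-Exasol-all-python-3.10-conda/flavor_base/security_scan/trivy.rego
+++ b/flavors/template-Exasol-all-python-3.10-conda/flavor_base/security_scan/trivy.rego
@@ -0,0 +1,10 @@
+package trivy
+
+import data.lib.trivy
+
+default ignore = false
+
+ignore {
+input.PkgName == "linux-libc-dev"
+regex.match("^kernel:", input.Title)
+}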
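Review bot: The `ignore` rule carries no comment explaining why these findings are safe to suppress, although the `.trivyignore` entries it replaces were annotated ("affect kernel, no issue for container"). Unlike the enumerated list, the rule also hides every future `linux-libc-dev` finding whose title starts with `kernel:`, at any severity, so I would record that intent above the rule, e.g. `# Kernel CVEs reported against linux-libc-dev concern the host kernel, not the container (exasol/script-languages-release#892); this intentionally covers future ones too.` `import data.lib.trivy` looks unused in the ten lines shown and could be dropped, and `startswith(input.Title, "kernel:")` would express the same prefix test without a regex. The same applies to the identical policy files added for the cuda-conda and python-3.10 flavors.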
42 changes: 1 addition & 41 deletions
42
flavors/template-Exasol-all-python-3.10-cuda-conda/flavor_base/security_scan/.trivyignore
@@ -1,41 +1 @@ | ||
#bug in trivy, no idea when a new debian package will be released (https://github.com/aquasecurity/trivy/issues/1680) | ||
CVE-2021-43816 | ||
#The following CVEs affect kernel, no issue for container | ||
CVE-2022-0847 | ||
CVE-2022-0001 | ||
CVE-2022-0002 | ||
CVE-2022-1015 | ||
CVE-2022-23960 | ||
CVE-2022-25636 | ||
CVE-2022-43945 | ||
CVE-2023-3611 | ||
CVE-2023-3776 | ||
CVE-2023-3609 | ||
CVE-2023-4622 | ||
CVE-2023-4623 | ||
CVE-2023-4921 | ||
CVE-2024-26583 | ||
CVE-2024-26828 | ||
CVE-2024-26865 | ||
CVE-2024-26585 | ||
CVE-2023-52433 | ||
CVE-2024-26642 | ||
CVE-2024-26643 | ||
CVE-2024-26800 | ||
CVE-2024-26921 | ||
CVE-2024-26923 | ||
CVE-2024-26924 | ||
CVE-2024-26925 | ||
CVE-2024-27397 | ||
# CVE-2023-20569 does not have a fix and is a problem of host system (amd cpus) | ||
CVE-2023-20569 | ||
#CVE-2022-23648 is a bug in containerd, not issue for containers | ||
CVE-2022-23648 | ||
#issue in cgroups, but no threat for ScriptLanguageContainer | ||
CVE-2022-0492 | ||
# CVE-2022-27191 is an issue in Go. Which will be installed only together with Trivy. | ||
CVE-2022-27191 | ||
# CVE-2022-23960 affects only ARM architectures | ||
CVE-2022-23960 | ||
# We ignore CVE-2023-38325, because cryptography 41.0.3 is currently not available on conda, https://github.com/conda-forge/cryptography-feedstock/issues/122 | ||
CVE-2023-38325 | ||
|
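--- a/flavors/template-Exasol-all-python-3.10-cuda-conda/flavor_base/security_scan/trivy.rego
+++ b/flavors/template-Exasol-all-python-3.10-cuda-conda/flavor_base/security_scan/trivy.rego
@@ -0,0 +1,10 @@
+package trivy
+
+import data.lib.trivy
+
+default ignore = false
+
+ignore {
+input.PkgName == "linux-libc-dev"
+regex.match("^kernel:", input.Title)
+}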
@@ -1,47 +0,0 @@ | ||
#the following CVE's affect kernel, no issue for container | ||
CVE-2022-0847 | ||
CVE-2022-0001 | ||
CVE-2022-0002 | ||
CVE-2022-1015 | ||
CVE-2022-23960 | ||
CVE-2022-25636 | ||
CVE-2022-1116 | ||
CVE-2022-29581 | ||
CVE-2022-21499 | ||
CVE-2022-43945 | ||
CVE-2023-3090 | ||
CVE-2023-3389 | ||
CVE-2023-3390 | ||
CVE-2023-3611 | ||
CVE-2023-3776 | ||
CVE-2023-3609 | ||
CVE-2023-4622 | ||
CVE-2023-4623 | ||
CVE-2023-4921 | ||
CVE-2023-6176 | ||
CVE-2024-0646 | ||
CVE-2024-1085 | ||
CVE-2024-1086 | ||
CVE-2024-26597 | ||
CVE-2024-26828 | ||
CVE-2024-26865 | ||
CVE-2024-26585 | ||
CVE-2023-52433 | ||
CVE-2024-26642 | ||
CVE-2024-26643 | ||
CVE-2024-26800 | ||
CVE-2024-26921 | ||
CVE-2024-26923 | ||
CVE-2024-26924 | ||
CVE-2024-26925 | ||
CVE-2024-27397 | ||
# CVE-2023-20569 does not have a fix and is a problem of host system (amd cpus) | ||
CVE-2023-20569 | ||
#CVE-2022-23648 is a bug in containerd, not issue for containers | ||
CVE-2022-23648 | ||
#issue in cgroups, but no threat for ScriptLanguageContainer | ||
CVE-2022-0492 | ||
# CVE-2022-27191 is an issue in Go. Which will be installed only together with Trivy. | ||
CVE-2022-27191 | ||
# CVE-2022-23960 affects only ARM architectures | ||
CVE-2022-23960 | ||
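--- a/flavors/template-Exasol-all-python-3.10/flavor_base/security_scan/trivy.rego
+++ b/flavors/template-Exasol-all-python-3.10/flavor_base/security_scan/trivy.rego
@@ -0,0 +1,10 @@
+package trivy
+
+import data.lib.trivy
+
+default ignore = false
+
+ignore {
+input.PkgName == "linux-libc-dev"
+regex.match("^kernel:", input.Title)
+}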