Add CVE-2025-0395 to .trivyignore #1362

Merged

Collaborator

@rajithkrishnegowda rajithkrishnegowda commented Feb 11, 2025

This pull request introduces a .trivyignore.yaml file to the repository. The file is used to ignore the CVE-2025-0395 vulnerability during Trivy scans. Ubuntu has acknowledged this vulnerability and is working on providing a fix. For more details: https://nvd.nist.gov/vuln/detail/CVE-2025-0395

Changes Made:

  • Added .trivyignore.yaml at the root of the repository.
  • Updated Trivy version.
  • Configured Trivy scans to ignore CVE-2025-0395 as part of the Docker image and code vulnerability scans.

@MasterSkepticista MasterSkepticista changed the title Adding .trivyignore.yaml to Ignore CVE-2025-0395 Vulnerability Add .trivyignore.yaml Feb 11, 2025
@MasterSkepticista
Member

Is this expected to fix Trivy CI failure?

@rajithkrishnegowda rajithkrishnegowda changed the title Add .trivyignore.yaml [WIP] Add .trivyignore.yaml Feb 11, 2025
@rajithkrishnegowda
Collaborator Author

> Is this expected to fix Trivy CI failure?

Yes, it should fix the Trivy CI failure, but the .trivyignore file is getting ignored for aquasecurity/[email protected]. The same issue is reported in aquasecurity/trivy-action#436

@rajithkrishnegowda rajithkrishnegowda changed the title [WIP] Add .trivyignore.yaml [WIP] Add .trivyignore to ignore CVE-2025-0395 (as fix is not available yet) Feb 12, 2025
@rajithkrishnegowda rajithkrishnegowda changed the title [WIP] Add .trivyignore to ignore CVE-2025-0395 (as fix is not available yet) Add .trivyignore to ignore CVE-2025-0395 (as fix is not available yet) Feb 12, 2025
@MasterSkepticista MasterSkepticista changed the title Add .trivyignore to ignore CVE-2025-0395 (as fix is not available yet) Add CVE-2025-0395 to .trivyignore Feb 12, 2025
Member

@MasterSkepticista MasterSkepticista left a comment

Thank you!

All hail the green ticks are back

Collaborator

@tanwarsh tanwarsh left a comment

Thank you @rajithkrishnegowda for fixing this.

@rahulga1 rahulga1 merged commit a64af0b into securefederatedai:develop Feb 12, 2025
28 checks passed
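
A check that could sit alongside an ignore entry like the one discussed in this thread, as an added example that is not part of this PR or the project's code: it parses `.trivyignore` text and reports entries that have no `exp:` date or whose date has passed, so a suppression added while no fix is available does not stay in place indefinitely. The sample file content, its expiry date and the `CVE-0000-0001` placeholder are constructed, and the function name is hypothetical.

```python
from datetime import date

# Constructed sample .trivyignore. The expiry date and the CVE-0000-0001
# placeholder are illustrative and do not come from the pull request.
SAMPLE = """\
# No fixed Ubuntu package available yet
CVE-2025-0395 exp:2025-06-30
CVE-0000-0001
"""


def audit_trivyignore(text, today):
    """Return (id, problem) pairs for entries that suppress a finding
    indefinitely or whose expiry date has already passed."""
    findings = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):   # skip blanks and comment lines
            continue
        vuln_id, *fields = line.split()
        # An entry may carry an expiry as "exp:YYYY-MM-DD" after the ID.
        expiry = next((f[4:] for f in fields if f.startswith("exp:")), None)
        if expiry is None:
            findings.append((vuln_id, "no expiry"))
            continue
        try:
            expires_on = date.fromisoformat(expiry)
        except ValueError:
            findings.append((vuln_id, "unparseable expiry"))
            continue
        if expires_on < today:
            findings.append((vuln_id, "expired " + expiry))
    return findings


if __name__ == "__main__":
    for vuln_id, problem in audit_trivyignore(SAMPLE, date.today()):
        print(f"{vuln_id}: {problem}")
```

Run as a CI step before the scan, a non-empty result can fail the job and prompt a review of whether each ignored CVE still lacks a fix.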