ignore CVE-2022-30065 until we have a fix

DitZii · Jul 19, 2022 · 850a805 · 850a805
1 parent f0ddb83
commit 850a805
Show file tree

Hide file tree

Showing 3 changed files with 5 additions and 1 deletion.
diff --git a/.github/workflows/dev.yml b/.github/workflows/dev.yml
@@ -345,6 +345,7 @@ jobs:
           exit-code: 1
           ignore-unfixed: false
           severity: UNKNOWN,LOW,MEDIUM,HIGH,CRITICAL
+          trivyignores: .trivyignore
       - name: Check security vulnerabilities for autoconf
         uses: aquasecurity/trivy-action@master
         with:
@@ -354,6 +355,7 @@ jobs:
           exit-code: 1
           ignore-unfixed: false
           severity: UNKNOWN,LOW,MEDIUM,HIGH,CRITICAL
+          trivyignores: .trivyignore
       - name: Check security vulnerabilities for UI
         uses: aquasecurity/trivy-action@master
         with:
@@ -363,6 +365,7 @@ jobs:
           exit-code: 1
           ignore-unfixed: false
           severity: UNKNOWN,LOW,MEDIUM,HIGH,CRITICAL
+          trivyignores: .trivyignore
 
       # Prepare tests
       - name: Install tests dependencies

diff --git a/.trivyignore b/.trivyignore
@@ -0,0 +1 @@
+CVE-2022-30065
diff --git a/autoconf/Dockerfile b/autoconf/Dockerfile
@@ -48,7 +48,7 @@ RUN apk add --no-cache git && \
     ln -s /proc/1/fd/1 /var/log/letsencrypt/letsencrypt.log
 
 # Fix CVEs
-RUN apk add "libssl1.1>=1.1.1q-r0" "libcrypto1.1>=1.1.1q-r0" "git>=2.32.3-r0" "ncurses-libs>=6.2_p20210612-r1" "ncurses-terminfo-base>=6.2_p20210612-r1" "busybox>=1.35.0-r17" "ssl_client>=1.35.0-r17"
+RUN apk add "libssl1.1>=1.1.1q-r0" "libcrypto1.1>=1.1.1q-r0" "git>=2.32.3-r0" "ncurses-libs>=6.2_p20210612-r1" "ncurses-terminfo-base>=6.2_p20210612-r1"
 
 VOLUME /data /etc/nginx