-
Notifications
You must be signed in to change notification settings - Fork 35
Expand file tree
/
Copy path.grype.yaml
More file actions
37 lines (36 loc) · 1.34 KB
/
.grype.yaml
File metadata and controls
37 lines (36 loc) · 1.34 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
scan-type: source
ignore:
- vulnerability: GHSA-34x7-hfp2-rc4v
- vulnerability: GHSA-r6q2-hw4h-h46w
- vulnerability: GHSA-3966-f6p6-2qr9
- vulnerability: GHSA-8qq5-rm4j-mr97
- vulnerability: GHSA-5j98-mcp5-4vw2
- vulnerability: CVE-2025-60876
- vulnerability: GHSA-3ppc-4f35-3m26
include-aliases: true
reason: >-
Base image npm package: minimatch - bundled in Node.js base image, not fixable via application dependencies as of
2026-02-23 (high severity)
- vulnerability: GHSA-83g3-92jg-28cx
include-aliases: true
reason: >-
Base image npm package: tar - bundled in Node.js base image, not fixable via application dependencies as of
2026-02-23 (high severity)
- vulnerability: GHSA-73rr-hh4g-fpgx
include-aliases: true
reason: >-
Base image npm package: diff - bundled in Node.js base image, not fixable via application dependencies as of
2026-02-23 (low severity)
- vulnerability: CVE-2026-27171
include-aliases: true
reason: "Alpine base image package (apk): zlib - no npm fix available as of 2026-02-23 (moderate severity)"
- vulnerability: GHSA-2g4f-4pwh-qvx6
include-aliases: true
reason: "Unfixable npm transitive vulnerability: unknown (unknown severity) as of 2026-02-23"
output:
- table
- json
search:
scope: squashed
quiet: false
check-for-app-update: false