Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

First shot at adding allow list #14

Open
wants to merge 4 commits into
base: master
Choose a base branch
from
Open

First shot at adding allow list #14

wants to merge 4 commits into from

Conversation

vsoch
Copy link
Member

@vsoch vsoch commented Nov 24, 2021

This will add the ability to define an "allow list" (akin to the docker whitelist equivalent but I'm trying to avoid that term!) and will close #13

Signed-off-by: vsoch [email protected]

@vsoch
Copy link
Member Author

vsoch commented Mar 13, 2022

Allow list examples:

generalallowlist: # Approve CVE for any image
  CVE-2017-6055: XML
  CVE-2017-5586: OpenText
  CVE-2019-13627: ""
images:
  ubuntu: # Approve CVE only for ubuntu image, regardles of the version. If it is a private registry with a custom port registry:777/ubuntu:tag this won't work due to a bug.
    CVE-2017-5230: Java
    CVE-2017-5230: XSX
  alpine:
    CVE-2017-3261: SE

This likely won't be worked on so leaving this here for a future person.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

whitelist vulneribilities
1 participant