generated from ministryofjustice/hmpps-template-kotlin
.trivyignore
31 lines (31 loc) · 1.55 KB
# Suppression for snakeyaml 1.30 vulnerability as bundled with application insights so can't be upgraded easily
# Can be suppressed as we don't parse untrusted yaml
CVE-2022-25857
CVE-2022-38751
# Suppression for snakeyaml 1.31 vulnerability as not fixed yet
# Can be suppressed as we don't parse untrusted yaml
CVE-2022-38752
# Suppression for snakeyaml 1.33 vulnerability as not fixed yet
# Can be suppressed as we don't parse untrusted yaml
CVE-2022-1471
# Suppression for snakeyaml 1.33 vulnerability as not fixed yet
# Can be suppressed as we don't parse untrusted yaml
CVE-2022-41854
# Suppression for jackson databind 2.13.4 as no release for it yet
# Can be suppressed as UNWRAP_SINGLE_VALUE_ARRAYS is not enabled
CVE-2022-42003
# Suppression for jackson databind 2.13.3 as bundled with application insights
# Can be suppressed as we don't parse untrusted json in application insights
CVE-2022-42004
# Suppression for apache common-text 1.9 as bundled with application insights
# Can be suppressed for the time being as it will be fixed in next version of application insights
CVE-2022-42889
# Suppression for h2 2.1.214 password on command line vulnerability
# Can be suppressed as we only run h2 locally and not on build environments
CVE-2022-45868
# Suppression for spring-web 5.3.24 as bundled with spring boot
# Can be suppressed as we are not using java serialization and deserialization explicitly
CVE-2016-1000027
# Suppression as our project cannot currently be upgraded to SpringBoot V3.X, see MRD-1329 for details
CVE-2023-1370
CVE-2023-20863