keep scan on HIGH but add ignore for known issue in nginx

wmo-im · Nov 5, 2024 · f954a8b · f954a8b
1 parent 7a71271
commit f954a8b
Show file tree

Hide file tree

Showing 2 changed files with 4 additions and 1 deletion.
diff --git a/.github/workflows/trivy.yml b/.github/workflows/trivy.yml
@@ -22,4 +22,5 @@ jobs:
           exit-code: '1'
           ignore-unfixed: true
           vuln-type: 'os,library'
-          severity: 'CRITICAL'
+          severity: 'CRITICAL,HIGH'
+          ignorefile: '.trivyignore'
diff --git a/.trivyignore b/.trivyignore
@@ -0,0 +1,2 @@
+# not fixed in nginx, does not appear to be a security issue
+CVE-2023-49462