From f467007ccf6ad27737b51395a0ad0af7c8f0e8aa Mon Sep 17 00:00:00 2001
From: shahar-h
Date: Thu, 12 Dec 2024 02:54:49 +0200
Subject: [PATCH] ci: ignore vulnerabilities on license scan (#4895)

* ci: ignore vulnerabilities on license scan
Signed-off-by: Shahar Harari
* remove space
Signed-off-by: Shahar Harari
* remove osv-scanner.toml
Signed-off-by: Shahar Harari
---------
Signed-off-by: Shahar Harari
---
 .github/workflows/license-scan.yml | 1 +
 .../osv-scanner/license-scan-config.toml | 5 +++++
 2 files changed, 6 insertions(+)
 rename osv-scanner.toml => tools/osv-scanner/license-scan-config.toml (96%)

diff --git a/.github/workflows/license-scan.yml b/.github/workflows/license-scan.yml
index 649f27fe979..834515bbeb0 100644
--- a/.github/workflows/license-scan.yml
+++ b/.github/workflows/license-scan.yml
@@ -23,4 +23,5 @@ jobs:
 scan-args: |-
 --skip-git
 --experimental-licenses=Apache-2.0,BSD-2-Clause,BSD-2-Clause-FreeBSD,BSD-3-Clause,MIT,ISC,Python-2.0,PostgreSQL,X11,Zlib
+ --config tools/osv-scanner/license-scan-config.yaml
 ./
diff --git a/osv-scanner.toml b/tools/osv-scanner/license-scan-config.toml
similarity index 96%
rename from osv-scanner.toml
rename to tools/osv-scanner/license-scan-config.toml
index 9d5626b71ec..79a579ff7f8 100644
--- a/osv-scanner.toml
+++ b/tools/osv-scanner/license-scan-config.toml
@@ -1,3 +1,8 @@
+# Ignore vulnerabilities on license scan
+[[PackageOverrides]]
+ecosystem = "Go"
+vulnerability.ignore = true
+
 [[PackageOverrides]]
 name = "github.com/AdaLogics/go-fuzz-headers"
 version = "0.0.0-20230811130428-ced1acdcaa24"
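Review bot: The added `--config` argument names `tools/osv-scanner/license-scan-config.yaml`, but the file this commit creates by rename is `tools/osv-scanner/license-scan-config.toml`, so the scanner is handed a path that does not exist in the tree shown here. Depending on how the action treats a missing config file, the job either fails or runs without the overrides and the vulnerability ignore the commit intends to apply, and a scan that silently runs with the wrong policy is the worse of the two. The line should read `--config tools/osv-scanner/license-scan-config.toml`. The `scan-args` block starts above this hunk, so the rest of the step was not reviewed.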
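Review bot: The new `[[PackageOverrides]]` entry with `ecosystem = "Go"` and `vulnerability.ignore = true` suppresses every Go advisory for any scan that loads this file, and the one-line comment above it does not say that the file is only safe for the license workflow. I would expand the comment to something like `# License-scan only: do not pass this file to the vulnerability scan, it hides all Go advisories`, and record the justification on the entry itself with a `reason = "..."` key if the scanner version in use accepts it there. Because the rename removes the root `osv-scanner.toml`, it is also worth confirming that no other job depended on that file being auto-discovered; presumably a separate job reports vulnerabilities, but that is not visible on this page.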