-
Notifications
You must be signed in to change notification settings - Fork 410
/
.snyk
24 lines (24 loc) · 1.17 KB
/
.snyk
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
# Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities.
# References:
# https://docs.snyk.io/scan-applications/snyk-code/using-snyk-code-from-the-cli/excluding-directories-and-files-from-the-snyk-code-cli-test
# https://docs.snyk.io/snyk-cli/commands/ignore
exclude:
global:
# Ignore vendor/ directory since we're not (yet) concerned with scanning
# our dependencies on each CI run.
- 'vendor/**'
# Ignore _test.go files because they are tests and not exploitable on
# running systems.
- '**/*_test.go'
# Ignoring CWE-295 (Improper Certificate Validation). This is working as
# intended.
- 'cmd/apiserver-watcher/run.go'
# Ignoring CWE-23 (Path Traversal). This does not appear to be exploitable
# in this particular context.
- 'pkg/daemon/certificate_writer.go'
# Ignoring CWE-916 (Use of Password Hash With Insufficient Computational
# Effort). We are not hashing passwords with MD5.
- 'pkg/controller/render/hash.go'
# Ignoring CWE-916 (Use of Password Hash With Insufficient Computational
# Effort). We are not hashing passwords with MD5.
- 'pkg/controller/build/buildrequest/machineosbuild.go'