forked from GSA/data.gov
-
Notifications
You must be signed in to change notification settings - Fork 0
/
.snyk
70 lines (66 loc) · 2.95 KB
/
.snyk
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
# Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities.
version: v1.13.5
# ignores vulnerabilities until expiry date; change duration by modifying expiry date
ignore:
SNYK-PYTHON-ANSIBLE-536475:
- '*':
reason: >-
solaris_zone module is not used, fix requires ansible 2.9
https://github.com/gsa/datagov-deploy/issues/893
expires: 2021-03-05T00:00:00.000Z
SNYK-PYTHON-ANSIBLE-1062705:
- '*':
reason: |
None of the [affected modules][1] are used by datagov-deploy for this
Moderate severity information disclosure vulnerability. We are
expecting a fix to Ansible 2.8.x and will apply the fix when
available.
[1]: https://github.com/ansible/ansible/pull/73488/files#diff-89865e71cd9bd8b5c7f02498425c8ce4a73d2e25957c685f587b0a1488204d9e
expires: 2021-03-08T06:00:00.000Z
SNYK-PYTHON-ANSIBLE-1070407:
- '*':
reason: |
None of the [affected modules][1] are used by datagov-deploy for this
Moderate severity information disclosure vulnerability. We are
expecting a fix to Ansible 2.8.x and will apply the fix when
available.
[1]: https://github.com/ansible/ansible/commit/bfea16c4f741d4cd10c8e17bf7eed14240345cb5
expires: 2021-03-08T06:00:00.000Z
SNYK-PYTHON-ANSIBLE-1070408:
- '*':
reason: |
We accept the risk for this moderate severity information exposure
issue. Our logs are secured on our jumpbox servers where only
authorized team members have access. We expect a fix to be made
available on the 2.8.x branch soon.
expires: 2021-03-08T06:00:00.000Z
SNYK-PYTHON-ANSIBLE-1070409:
- '*':
reason: |
None of the [affected modules][1] are used by datagov-deploy for this
Moderate severity information disclosure vulnerability. We are
expecting a fix to Ansible 2.8.x and will apply the fix when
available.
[1]: https://github.com/ansible/ansible/commit/0785772a03470fd2879d2f613520284997dc9dd0
expires: 2021-03-08T06:00:00.000Z
SNYK-PYTHON-PYYAML-590151:
- '*':
reason: >-
There is no fix for PyYaml at this time. YAML playbooks are
considered trusted and run only on our secured jumpboxes by our
operators. These operators should only be using trusted sources as
well. Risk is acceptable.
expires: 2021-02-19T06:00:00.000Z
SNYK-PYTHON-PY-1049546:
- '*':
reason: >-
There is no fix for Py at this time. This is introduced through molecule
and molecule is only used in dev environments.
expires: 2021-03-10T06:00:00.000Z
SNYK-PYTHON-CRYPTOGRAPHY-1022152:
- '*':
reason: >-
An issue was created to resolve this issue within 30-days.
https://github.com/GSA/datagov-deploy/issues/2472
expires: 2021-03-10T06:00:00.000Z
patch: {}