Merge remote-tracking branch 'remotes/from/ce/release/1.21.x' into release/1.21.x

2025-12-24 19:01:51 +01:00 · 2025-12-17 21:02:46 +00:00 · 2025-12-17 21:02:46 +00:00 · 9729c55df2
commit 9729c55df2
parent b9dc5d43f6 7d46d3841d
1 changed files with 11 additions and 0 deletions
--- a/.release/security-scan.hcl
+++ b/.release/security-scan.hcl
@ -32,6 +32,17 @@ container {
        "CVE-2024-58251",
        "GO-2022-0635", // github.com/aws/aws-sdk-go@v1.x
      ]
+
+      // The OSV scanner will trip on several packages that are included in the
+      // the UBI images. This is due to RHEL using the same base version in the
+      // package name for the life of the distro regardless of whether or not
+      // that version has been patched for security. Rather than enumate ever
+      // single CVE that the OSV scanner will find (several tens) we'll ignore
+      // the base UBI packages.
+      paths = [
+        "usr/lib/sysimage/rpm/*",
+        "var/lib/rpm/*",
+      ]
    }
  }
 }