osv-scanner.toml
# OSV-Scanner suppressions for the databricks-sql-nodejs security gate.
#
# Each entry suppresses a CVE that is a documented false positive
# against an artifact we ship, or is a dev-only finding that doesn't
# reach the shipped `dist/`. Every entry has a justification.
#
# Trade-off worth noting: [[IgnoredVulns]] entries are vulnerability-ID
# global -- an entry silences that ID across every package OSV reports it
# against, not just the artifact we have in mind. The alternative
# ([[PackageOverrides]] with `vulnerability.ignore = true`) is scoped to
# one package but blanket-ignores ALL vulnerabilities on that package,
# including ones disclosed later, which is much worse. OSV-Scanner v2.3.8
# does NOT support the intersection ("this ID on this package only").
#
# See google.github.io/osv-scanner/configuration/ for the schema.
#
# This file starts empty -- populate iteratively as the first scan run
# surfaces real false positives or dev-only findings worth excluding.
# Do not pre-populate with speculative suppressions.