Skip to content

Commit a48bc2c

Browse files
committed
Skip kernel vulnerabilities for container images
Ubuntu container image builds are failing security scans because of Linux kernel vulnerabilities reported against linux-libc-dev. Also tighten the kernel package name test to avoid matching on an unrelated <something>-kernel package. (cherry picked from commit 3ca9ed7)
1 parent f7e3d69 commit a48bc2c

1 file changed

Lines changed: 1 addition & 1 deletion

File tree

tools/scan-images.sh

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -82,7 +82,7 @@ generate_summary_csv() {
8282
jq -r '.Results[]
8383
| select(.Vulnerabilities)
8484
| .Vulnerabilities
85-
| map(select(.PkgName | test("kernel") | not ))
85+
| map(select(.PkgName | test("^kernel|^linux-libc-dev") | not ))
8686
| group_by(.VulnerabilityID)
8787
| map(
8888
[

0 commit comments

Comments
 (0)