pilot-shell/.trivyignore at main · maxritter/pilot-shell · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
# Trivy ignore file
# Add CVE IDs or secret rule IDs here to suppress specific findings.
#
# Format:
#   CVE-2024-12345                     # Suppress a specific CVE
#   generic-api-key:path/to/file.txt   # Suppress a secret finding in a specific file
#
# Note: launcher/, console/, and docs/site/api/ are git-crypt encrypted.
# In CI, the security-scan job decrypts them before scanning.
# The pre-commit hook skips launcher/ and docs/site/api/ via skip-dirs.
#
# See: https://aquasecurity.github.io/trivy/latest/docs/configuration/filtering/

# minimatch ReDoS — transitive dev dependency of @typescript-eslint/typescript-estree.
# Fix (10.2.1) requires major version bump that @typescript-eslint hasn't adopted yet.
CVE-2026-26996