The reported AWS S3 vulnerability was inherited from the go-getter module that Packer uses for downloading files from external sources. This vulnerability only impacts S3 uploads, so Packer itself is not vulnerable, as go-getter only downloads such blobs. Fixing this advisory would require bumping the AWS SDK to v2, which is a major change and not something to do lightly, so we opted to ignore this advisory for now so that it doesn't block upcoming releases.
# Copyright (c) HashiCorp, Inc.
# SPDX-License-Identifier: BUSL-1.1
# Scan settings for the container artifact.
# NOTE(review): dependency and secret scanning are switched off here and only
# the Alpine secdb check is on. Presumably the `binary` block in this file is
# relied on for both; confirm the image carries nothing beyond the scanned
# binary that would need its own dependency or secret scan.
container {
  dependencies = false
  alpine_secdb = true
  secrets      = false
}
# Scan settings for the released binary.
binary {
  secrets    = true
  go_modules = true
  osv        = true
  oss_index  = true

  # NOTE(review): NVD is switched off, so OSV and OSS Index above are the only
  # vulnerability sources enabled in this block.
  nvd = false

  # Triage items that are _safe_ to ignore here. Note that this list should be
  # periodically cleaned up to remove items that are no longer found by the scanner.
  triage {
    suppress {
      vulnerabilities = [
        # Suppression rationale, per the accompanying commit message: the
        # advisory comes in through aws-sdk-go as used by go-getter, is stated
        # to affect S3 uploads only, and go-getter only downloads. Clearing it
        # needs the AWS SDK v2 major bump.
        # NOTE(review): the entry is keyed on the advisory ID alone (the module
        # version appears only in the trailing comment), so re-validate the
        # "download only" assumption whenever go-getter or direct aws-sdk-go
        # usage changes, and drop the entry once the v1 SDK is gone.
        "GO-2022-0635", // github.com/aws/aws-sdk-go@v1.55.5 TODO(dduzgun-security): remove when deps is resolved
      ]
    }
  }
}