Suppress the false positives reported by scorecards

Closes #37499

Signed-off-by: Bruno Oliveira da Silva <bruno@abstractj.com>
Bruno Oliveira da Silva 2025-02-19 11:20:38 -03:00
parent 9a3f47d68c
commit 9bfa4cd138
3 changed files with 50 additions and 0 deletions


@ -0,0 +1,10 @@
# Ignore false positives for https://securityscorecards.dev/viewer/?uri=github.com/keycloak/keycloak
# Suppress TestNG alert:
# - TestNG is brought in as a transitive dependency via groovy-testng.
# - Test dependencies are not included in the server distribution.
# - The latest groovy-testng version doesn't address the CVE.
[[IgnoredVulns]]
id = "GHSA-rc2q-x9mf-w3vf"
reason = "suppressed because TestNG, a transitive dependency from groovy-testng, isnt included in the server distribution."
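Review bot: This `[[IgnoredVulns]]` entry, like every entry in the js/osv-scanner.toml section and the guava/commons-io section below, is an open-ended suppression; osv-scanner accepts an `ignoreUntil` date on the entry, and adding one such as `ignoreUntil = 2025-08-19  # re-check whether groovy-testng has moved to a fixed TestNG` (date constructed for illustration) makes the scanner raise the finding again instead of letting the exception silently outlive the condition that justified it. The header comment calls these findings "false positives", but the comment block itself says the vulnerable artifact is present and merely excluded from the server distribution, so `# Accepted test-scope findings reported by https://securityscorecards.dev/viewer/?uri=github.com/keycloak/keycloak` describes the entries more honestly for whoever audits the scorecard later. The `reason` string here and the three in the guava/commons-io file write `isnt` where `isn't` is meant.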

21
js/osv-scanner.toml Normal file

@ -0,0 +1,21 @@
# Ignore false positives for https://securityscorecards.dev/viewer/?uri=github.com/keycloak/keycloak
# Reason
[[IgnoredVulns]]
id = "GHSA-9mvj-f7w8-pvh2"
reason = "reason"
# Reason
[[IgnoredVulns]]
id = "GHSA-67mh-4wv8-2f99"
reason = "reason"
# Reason
[[IgnoredVulns]]
id = "GHSA-gxr4-xjj5-5px2"
reason = "reason"
# Reason
[[IgnoredVulns]]
id = "GHSA-jpcq-cgw6-v4j6"
reason = "reason"
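Review bot: All four entries in this file carry the placeholder `# Reason` comment and `reason = "reason"`, so GHSA-9mvj-f7w8-pvh2, GHSA-67mh-4wv8-2f99, GHSA-gxr4-xjj5-5px2 and GHSA-jpcq-cgw6-v4j6 are suppressed with no recorded justification, which defeats the purpose of the `reason` field and leaves nobody able to tell later whether each finding was dev-only, unreachable, or simply unwanted. Each entry needs the same level of detail the other two files give — the affected package, where it is pulled in from, and why it does not reach the shipped artifact — for example `# <package>: pulled in via <parent> as a <dev/test>-only dependency; not part of the shipped artifact` above the table and `reason = "<package> is a <dev/test>-only dependency from <parent>; not shipped. See #37499."` in the entry, with the placeholders filled in per advisory. An `ignoreUntil` date per entry would additionally force these to be re-examined rather than stand indefinitely.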


@ -0,0 +1,19 @@
# Ignore false positives for https://securityscorecards.dev/viewer/?uri=github.com/keycloak/keycloak
# guava is a test dependency coming from htmlunit3-driver, not shipped with the server distribution.
# There are no plans to upgrading it considering the effort and breaking changes.
[[IgnoredVulns]]
id = "GHSA-5mg8-w23w-74h3"
reason = "suppressed because guava, a transitive dependency from htmlunit3-driver, isnt included in the server distribution."
# guava is a test dependency coming from htmlunit3-driver, not shipped with the server distribution.
# There are no plans to upgrading it considering the effort and breaking changes.
[[IgnoredVulns]]
id = "GHSA-7g45-4rm6-3mm3"
reason = "suppressed because guava, a transitive dependency from htmlunit3-driver, isnt included in the server distribution."
# commons-io is a test dependency coming from htmlunit, not shipped with the server distribution.
# There are no plans to upgrading it considering the effort and breaking changes.
[[IgnoredVulns]]
id = "GHSA-78wr-2p64-hpwj"
reason = "suppressed because commons-io, a transitive dependency from htmlunit, isnt included in the server distribution."
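Review bot: The three comment blocks in this file read `There are no plans to upgrading it`, which should be `There are no plans to upgrade it`; more usefully, a suppression that records "no plans to upgrade" should name where that decision is tracked so it can be revisited, e.g. append `See #37499.` to each `reason`, that being the issue this commit closes. The justification for all three entries rests on guava and commons-io staying test-scoped via htmlunit3-driver/htmlunit, but nothing in the file says that scope is the condition the exception depends on; a comment above each table such as `# Re-check if htmlunit3-driver or its transitive deps ever move out of test scope` tells a future maintainer what would invalidate the suppression. The two guava entries duplicate the same two-line comment verbatim, so it is worth keeping them adjacent under one shared comment to avoid the justifications drifting apart on later edits.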