.grype.yaml
# Copyright (c) 2026, NVIDIA CORPORATION. All rights reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# Glob patterns for paths grype leaves out of the scan. Anything matched here
# is never checked for vulnerabilities, so each entry is a coverage gap.
# NOTE(review): node_modules and the built binaries are skipped; presumably
# they are covered by a separate scan of the release artifacts. Confirm.
exclude:
- '**/.terraform/**'
- '**/node_modules/**'
# Exclude generated local binaries and release output from source scans.
- './bin/**'
- './aicr'
- './aicrd'
- './dist/**'
# CVE suppressions for aiperf-bench base image (python:3.12-slim).
# All are either unfixed upstream, won't-fix in Debian, or require python 3.13+.
# Reviewed: 2026-04-24
# NOTE(review): every rule below matches on the vulnerability ID alone, so a
# finding with that ID is suppressed for any package in any target scanned
# with this config, not only the aiperf-bench image. Grype ignore rules also
# accept `package` (name/version/type/location) and `fix-state` fields;
# scoping each rule to the affected package would keep the same ID visible
# if it appears somewhere else.
# NOTE(review): two entries are rated Critical. Re-check the list whenever
# the base image tag or the aiperf pin changes, because a suppression
# outlives the reason it was added.
ignore:
# python 3.12.13 — no fix available for 3.12 branch
- vulnerability: CVE-2026-6100 # Critical
- vulnerability: CVE-2025-13836 # High, fix in 3.13.11
- vulnerability: CVE-2026-3298 # High
- vulnerability: CVE-2026-4786 # High
# libc 2.41 — won't fix in Debian
- vulnerability: CVE-2026-5450 # Critical
- vulnerability: CVE-2026-4437 # High
- vulnerability: CVE-2026-4046 # High
- vulnerability: CVE-2026-5928 # High
# ncurses 6.5 — won't fix in Debian
- vulnerability: CVE-2025-69720 # High
# aiperf pip dependencies
# NOTE(review): the pillow entry has an upstream fix and is held back only
# by the aiperf pin, so it should go once that pin moves.
- vulnerability: GHSA-whj4-6x5x-4v2j # High, pillow (fix in 12.2.0, pinned by aiperf)
# NOTE(review): the next entry is labelled "python binary" but sits under the
# pip-dependencies heading and records no severity or reason. Confirm which
# group it belongs to and why it is suppressed.
- vulnerability: CVE-2026-4519 # python binary