[
https://issues.apache.org/jira/browse/NIFI-15722?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=18066405#comment-18066405
]
ASF subversion and git services commented on NIFI-15722:
--------------------------------------------------------
Commit b2d35ef2f7d356e0ce7ef8187b172ddc7b0082b3 in nifi's branch
refs/heads/main from David Handermann
[ https://gitbox.apache.org/repos/asf?p=nifi.git;h=b2d35ef2f7d ]
NIFI-15722 Added configuration for Grype scanning (#11014)
- Included ignored vulnerabilities with reasons and referencing libraries
> Add Grype Configuration for Code Compliance Workflow
> ----------------------------------------------------
>
> Key: NIFI-15722
> URL: https://issues.apache.org/jira/browse/NIFI-15722
> Project: Apache NiFi
> Issue Type: Improvement
> Components: Tools and Build
> Reporter: David Handermann
> Assignee: David Handermann
> Priority: Major
>
> The code-compliance workflow includes the Anchore Scan Action, which uses
> Grype to evaluate a generated SBOM for vulnerabilities. A custom Grype
> configuration should be added to the project to support greater control over
> scanning operations, including selectively ignoring specific vulnerable
> libraries all other options have been exhausted.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
