forked from finos/open-resource-broker
-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy path.trivyignore
More file actions
24 lines (21 loc) · 915 Bytes
/
Copy path.trivyignore
File metadata and controls
24 lines (21 loc) · 915 Bytes
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
# Trivy ignore file for security scanning exceptions
# Moto testing library certificates - these are test certificates for AWS mocking
# Not actual private keys used in production
**/.venv/lib/python*/site-packages/moto/moto_proxy/ca.key
**/.venv/lib/python*/site-packages/moto/moto_proxy/cert.key
.venv/lib/python*/site-packages/moto/moto_proxy/ca.key
.venv/lib/python*/site-packages/moto/moto_proxy/cert.key
# Development and test dependencies should not be scanned in production
.venv/**
__pycache__/**
*.pyc
.pytest_cache/**
.coverage
htmlcov/**
.tox/**
.mypy_cache/**
# CVE exceptions for transitive CI/dev-only dependencies with no upstream patch
# nltk 3.9.4 — CVE-2026-54293 (HIGH). Pulled in transitively by `safety` (CI-only
# security scanner). No fixed version available upstream as of 2026-06-17. Not
# present in runtime install. Re-evaluate when nltk publishes a patched release.
CVE-2026-54293