今日已更新 339 条资讯 | 累计 19899 条内容
关于我们

A Simple Way to Reduce the Grype Noise

Marcus Morris 2026年07月01日 02:56 4 次阅读 来源:Dev.to

Security Team: “I have a major Grype...with what I Syfted out of your provided image." Developer: “Well your Grype is slowing me down...let’s tone it down a notch.” While deploying bookstack into my local environment, this issue surfaced. It is true for many organizations today deploying images and packages in their environment. How can this noise fatigue in the software supply chain be remedied? Add a .gype.yaml file to the root directory of your project. This will allow grype to ignore certain CVE's that do not execute or pose a threat in your environment. The yaml config can be as simple as below: Linux Environment # grype.yaml ignore : - vulnerability : CVE-2026-32631 reason : " Platform-specific false positive. Git for Windows only; not applicable to this Linux-based image." - vulnerability : CVE-2016-2781 reason : " Chroot escape via ioctl. Containers rely on namespaces/cgroups, not chroot, so this path isn't exploitable here." OR # grype.yaml ignore : - vulnerability : CVE-2026-32631 - vulnerability : CVE-2016-2781 This will help developers and security engineers get along better. 😃 Grype config reference: https://oss.anchore.com/docs/reference/grype/configuration/

本文内容来源于互联网,版权归原作者所有
查看原文