今日已更新 412 条资讯 | 累计 19972 条内容
关于我们

标签:#grype

找到 1 篇相关文章

AI 资讯

A Simple Way to Reduce the Grype Noise

Security Team: “I have a major Grype...with what I Syfted out of your provided image." Developer: “Well your Grype is slowing me down...let’s tone it down a notch.” While deploying bookstack into my local environment, this issue surfaced. It is true for many organizations today deploying images and packages in their environment. How can this noise fatigue in the software supply chain be remedied? Add a .gype.yaml file to the root directory of your project. This will allow grype to ignore certain CVE's that do not execute or pose a threat in your environment. The yaml config can be as simple as below: Linux Environment # grype.yaml ignore : - vulnerability : CVE-2026-32631 reason : " Platform-specific false positive. Git for Windows only; not applicable to this Linux-based image." - vulnerability : CVE-2016-2781 reason : " Chroot escape via ioctl. Containers rely on namespaces/cgroups, not chroot, so this path isn't exploitable here." OR # grype.yaml ignore : - vulnerability : CVE-2026-32631 - vulnerability : CVE-2016-2781 This will help developers and security engineers get along better. 😃 Grype config reference: https://oss.anchore.com/docs/reference/grype/configuration/

2026-07-01 原文 →