This repository has been archived by the owner on Nov 1, 2023. It is now read-only.
.trivyignore
# WARNING - THIS FILE WAS GENERATED BY THE dps-gradle-spring-boot GRADLE PLUGIN
# AND ANY MANUAL CHANGES WILL BE OVERRIDDEN ON YOUR NEXT BUILD.
#
# To make general changes to the suppressions below, change the gradle plugin dps-gradle-spring-boot,
# publish a new version and update to the new version in your gradle build script
#
# To stop the dps-gradle-spring-boot project from overwriting any project specific customisations here, remove the
# warning at the top of this file.
#
# Suppression for snakeyaml 1.30 vulnerability as bundled with application insights so can't be upgraded easily
# Can be suppressed as we don't parse untrusted yaml
CVE-2022-25857
CVE-2022-38751
# Suppression for snakeyaml 1.31 vulnerability as not fixed yet
# Can be suppressed as we don't parse untrusted yaml
CVE-2022-38752
# Suppression for snakeyaml 1.33 vulnerability as not fixed yet
# Can be suppressed as we don't parse untrusted yaml
CVE-2022-1471
# Suppression for snakeyaml 1.33 vulnerability as not fixed yet
# Can be suppressed as we don't parse untrusted yaml
CVE-2022-41854
# Suppression for jackson databind 2.13.4 as no release for it yet
# Can be suppressed as UNWRAP_SINGLE_VALUE_ARRAYS is not enabled
CVE-2022-42003
# Suppression for jackson databind 2.13.3 as bundled with application insights
# Can be suppressed as we don't parse untrusted json in application insights
CVE-2022-42004
# Suppression for apache commons-text 1.9 as bundled with application insights
# can be suppressed for the time being as it will be fixed in next version of application insights
CVE-2022-42889
# Suppression for h2 2.1.214 password on command line vulnerability
# can be suppressed as we only run h2 locally and not on build environments
CVE-2022-45868
# Suppression for spring-web 5.3.24 as bundled with spring boot
# can be suppressed as we are not using java serialization and deserialization explicitly
CVE-2016-1000027