diff options
| author | Linus Färnstrand <linus@mullvad.net> | 2024-07-09 07:56:33 +0200 |
|---|---|---|
| committer | Linus Färnstrand <linus@mullvad.net> | 2024-07-09 07:56:33 +0200 |
| commit | 1529a389fd4a472f42ff8e3ec49c25c0c8fd4a73 (patch) | |
| tree | dc57f6ab8dfd274f52a8d5ce60515002ba865e08 /android | |
| parent | d726e19cf93d15d0bf6734afb28e0794bacda72c (diff) | |
| parent | ac832d3146ab25b621dd9dc95a154eded918b774 (diff) | |
| download | mullvadvpn-1529a389fd4a472f42ff8e3ec49c25c0c8fd4a73.tar.xz mullvadvpn-1529a389fd4a472f42ff8e3ec49c25c0c8fd4a73.zip | |
Merge branch 'integrate-osv-scanner-into-ci-des-706'
Diffstat (limited to 'android')
| -rw-r--r-- | android/gradle/osv-scanner.toml | 89 |
1 files changed, 89 insertions, 0 deletions
diff --git a/android/gradle/osv-scanner.toml b/android/gradle/osv-scanner.toml new file mode 100644 index 0000000000..25ca2747a1 --- /dev/null +++ b/android/gradle/osv-scanner.toml @@ -0,0 +1,89 @@ +# See repository root `osv-scanner.toml` for instructions and rules for this file. +# +# Temporarily ignoring all reported android vulnerabilites with a one month deadline +# since we plan to examine the vulnerabilites and bootstrap this file with proper +# ignore reasons (or address by bumping dependencies). +# +# Also worth mentioning that we're already using the OWASP Dependency-Check tool +# for the android code base as of before. + +[[IgnoredVulns]] +id = "CVE-2022-45868" # GHSA-22wj-vf5f-wrvj +ignoreUntil = 2024-08-02 +reason = "See top comment" + +[[IgnoredVulns]] +id = "CVE-2023-3635" # GHSA-w33c-445m-f8w7 +ignoreUntil = 2024-08-02 +reason = "See top comment" + +[[IgnoredVulns]] +id = "CVE-2024-29025" # GHSA-5jpm-x58v-624v +ignoreUntil = 2024-08-02 +reason = "See top comment" + +[[IgnoredVulns]] +id = "CVE-2023-44487" # GHSA-xpw8-rcwv-8f8p +ignoreUntil = 2024-08-02 +reason = "See top comment" + +[[IgnoredVulns]] +id = "CVE-2023-34462" # GHSA-6mjq-h674-j845 +ignoreUntil = 2024-08-02 +reason = "See top comment" + +[[IgnoredVulns]] +id = "CVE-2024-26308" # GHSA-4265-ccf5-phj5 +ignoreUntil = 2024-08-02 +reason = "See top comment" + +[[IgnoredVulns]] +id = "CVE-2024-25710" # GHSA-4g9r-vxhx-9pgx +ignoreUntil = 2024-08-02 +reason = "See top comment" + +[[IgnoredVulns]] +id = "CVE-2020-13956" # GHSA-7r82-7xv7-xcpj +ignoreUntil = 2024-08-02 +reason = "See top comment" + +[[IgnoredVulns]] +id = "CVE-2023-51775" # GHSA-6qvw-249j-h44c +ignoreUntil = 2024-08-02 +reason = "See top comment" + +[[IgnoredVulns]] +id = "CVE-2023-31582" # GHSA-7g24-qg88-p43q +ignoreUntil = 2024-08-02 +reason = "See top comment" + +[[IgnoredVulns]] +id = "GHSA-jgvc-jfgh-rjvv" +ignoreUntil = 2024-08-02 +reason = "See top comment" + +[[IgnoredVulns]] +id = "CVE-2022-24329" # GHSA-2qp4-g3q3-f92w +ignoreUntil = 2024-08-02 +reason = "See top comment" + +[[PackageOverrides]] +name = "org.bouncycastle:bcprov-jdk15on" +ecosystem = "Maven" +ignore = true +effectiveUntil = 2024-08-02 +reason = "See top comment" + +[[PackageOverrides]] +name = "org.bouncycastle:bcprov-jdk18on" +ecosystem = "Maven" +ignore = true +effectiveUntil = 2024-08-02 +reason = "See top comment" + +[[PackageOverrides]] +name = "org.bouncycastle:bcpkix-jdk18on" +ecosystem = "Maven" +ignore = true +effectiveUntil = 2024-08-02 +reason = "See top comment" |