stack/.woodpecker/api.yml at 2ab795a95db7208848a26847dc51f3f2ba626fcd

mosaic/stack

Fork 0

Files

Jason Woltje 08f62f1787

ci/woodpecker/push/infra Pipeline was successful

Details

ci/woodpecker/push/coordinator Pipeline failed

Details

ci/woodpecker/push/web Pipeline failed

Details

ci/woodpecker/push/api Pipeline failed

Details

ci/woodpecker/push/orchestrator Pipeline failed

Details

fix(ci): add .trivyignore for upstream CVEs in base images

All 16 suppressed CVEs are in upstream binaries/packages we don't control:
- Go stdlib CVEs in openbao bin/bao (Go 1.25.6) and postgres gosu (Go 1.24.6)
- OpenBao CVE false positives (Trivy reads Go pseudo-version, we run 2.5.0)
- npm bundled cross-spawn/glob/tar CVEs in node:20-alpine base image

Updated all 6 Trivy scan steps across 5 pipelines to use --ignorefile.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

2026-02-12 17:05:11 -06:00

6.4 KiB

Raw Blame History

View Raw

6.4 KiB Raw Blame History

6.4 KiB

Raw Blame History