You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
# This file specifies vulnerabilities that should be ignored when running
# govulncheck. Vulnerabilities are only ignored if no fix is available.
# Once a fix is released, the wrapper script will flag them automatically.
#
# Each entry must specify:
# - id: The vulnerability ID (GO-XXXX-XXXX format)
# - module: The exact module path where the vulnerability exists
# - reason: Why this vulnerability is accepted (should note "No fix available")
ignored_vulnerabilities:
- id: GO-2023-1901
module: github.com/tektoncd/pipeline
reason: "No fix available - Pipelines do not validate child UIDs in Tekton Pipeline (CVE-2023-37264)"
- id: GO-2026-4730
module: github.com/tektoncd/pipeline
reason: "No fix available - Tekton Pipelines controller panic via long resolver name in TaskRun/PipelineRun in github.com/tektoncd/pipeline (CVE-2026-33022)"