[logging-log4j2] branch 2.x updated: Add Osv scanner exclusions

Thu, 05 Oct 2023 13:24:00 -0700 

This is an automated email from the ASF dual-hosted git repository.

pkarwasz pushed a commit to branch 2.x
in repository https://gitbox.apache.org/repos/asf/logging-log4j2.git


The following commit(s) were added to refs/heads/2.x by this push:
     new c4e7cddffc Add Osv scanner exclusions
c4e7cddffc is described below

commit c4e7cddffcd908dd7e2badffdbdb4d15a54d2aa6
Author: Piotr P. Karwasz <[email protected]>
AuthorDate: Thu Oct 5 22:23:46 2023 +0200

    Add Osv scanner exclusions
---
 osv-scanner.toml | 31 +++++++++++++++++++++++++++++++
 1 file changed, 31 insertions(+)

diff --git a/osv-scanner.toml b/osv-scanner.toml
new file mode 100644
index 0000000000..18fd0d5f67
--- /dev/null
+++ b/osv-scanner.toml
@@ -0,0 +1,31 @@
+#
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements.  See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to you under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License.  You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+[[IgnoredVulns]]
+id = "GHSA-2qrg-x229-3v8q"
+reason = "log4j:log4j is a test dependency used in performance comparisons"
+[[IgnoredVulns]]
+id = "GHSA-65fg-84f6-3jq3"
+reason = "log4j:log4j is a test dependency used in performance comparisons"
+[[IgnoredVulns]]
+id = "GHSA-f7vh-qwp3-x37m"
+reason = "log4j:log4j is a test dependency used in performance comparisons"
+[[IgnoredVulns]]
+id = "GHSA-fp5r-v3w9-4333"
+reason = "log4j:log4j is a test dependency used in performance comparisons"
+[[IgnoredVulns]]
+id = "GHSA-w9p3-5cr8-m3jj"
+reason = "log4j:log4j is a test dependency used in performance comparisons"

Reply via email to