Use the updated gitlab-depscan tool that allows whitelisting CVEs (!3947) · Merge requests · GitLab.org / omnibus-gitlab · GitLab

Dustin Collins requested to merge whitelist-cves into master Feb 20, 2020

What does this MR do?

A .cveignore file can now be used to whitelist CVEs that should be ignored by gitlab-depscan.

This is a copy of the original MR in dev: https://dev.gitlab.org/gitlab/omnibus-gitlab/-/merge_requests/184. Once this MR is merged, we can delete the dev MR.

Related issues

Closes gitlab-org/distribution/team-tasks#129 (closed).

Checklist

See Definition of done.

Changelog entry created. Not applicable for Documentation changes and minor changes.
Documentation created/updated
Tests added
Integration tests added to GitLab QA, if applicable
MR targeting master branch
MR has a green pipeline on GitLab.com
Equivalent MR/issue for CNG opened if applicable
trigger-package has a green pipeline running against latest commit

Reviewer Checklist

In addition to above, reviewer must:

Pipeline is green on dev.gitlab.org if the change is not touching documentation or internal cookbooks

Edited Feb 21, 2020 by DJ Mountney