forked from kubernetes-sigs/cluster-api-provider-openstack
-
Notifications
You must be signed in to change notification settings - Fork 32
/
.snyk
20 lines (20 loc) · 1.16 KB
/
.snyk
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
# References:
# https://docs.snyk.io/scan-applications/snyk-code/using-snyk-code-from-the-cli/excluding-directories-and-files-from-the-snyk-code-cli-test
# https://docs.snyk.io/snyk-cli/commands/ignore
exclude:
global:
- "vendor/**"
- "**/vendor/**"
- "hack/**"
- "test/**"
- "**/*_test.go"
# TODO: use the `ignore:` interface to be more specific on what issues we want to ignore but it doesn't seem to work.
#
# This file handle Glance image upload in CAPO.
# This code intentionally supports insecure hash algorithms, because for public images the consumer can't, in practise,
# influence the hash algorithm presented. If the only published hash is MD5 it's more secure to check it than not
# check it, so we support MD5.
# Incidentally, Glance only directly supports SHA512. This is wildly impractical as almost nobody publishes this:
# SHA256 is most common in practise. Also Glance publishes a hash of something that isn't guaranteed to be what it downloaded.
# Also there's no way to determine via the API if it's going to do this. Glance hash verification is unusable.
- 'internal/controllers/image/upload_helpers.go'