ci: ignore vulnerabilities on license scan (#4895)

* ci: ignore vulnerabilities on license scan Signed-off-by: Shahar Harari <shahar.harari@sap.com> * remove space Signed-off-by: Shahar Harari <shahar.harari@sap.com> * remove osv-scanner.toml Signed-off-by: Shahar Harari <shahar.harari@sap.com> --------- Signed-off-by: Shahar Harari <shahar.harari@sap.com>
envoyproxy · Dec 12, 2024 · f467007 · f467007
1 parent 7bb7624
commit f467007
Show file tree

Hide file tree

Showing 2 changed files with 6 additions and 0 deletions.
diff --git a/.github/workflows/license-scan.yml b/.github/workflows/license-scan.yml
@@ -23,4 +23,5 @@ jobs:
         scan-args: |-
           --skip-git
           --experimental-licenses=Apache-2.0,BSD-2-Clause,BSD-2-Clause-FreeBSD,BSD-3-Clause,MIT,ISC,Python-2.0,PostgreSQL,X11,Zlib
+          --config tools/osv-scanner/license-scan-config.yaml
           ./
diff --git a/osv-scanner.toml → tools/osv-scanner/license-scan-config.toml b/osv-scanner.toml → tools/osv-scanner/license-scan-config.toml
@@ -1,3 +1,8 @@
+# Ignore vulnerabilities on license scan
+[[PackageOverrides]]
+ecosystem = "Go"
+vulnerability.ignore = true
+
 [[PackageOverrides]]
 name = "github.com/AdaLogics/go-fuzz-headers"
 version = "0.0.0-20230811130428-ced1acdcaa24"