MAILWEB-6141: Add DevSecOps to web clients git repo

This commit is contained in:
Paolo Chiabrera 2025-04-01 13:24:07 +00:00 committed by MargeBot
parent 181ba72b8d
commit b4e1ebe243
2 changed files with 151 additions and 0 deletions

142
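--- /dev/null
+++ b/.grype.yaml
@@ -0,0 +1,142 @@
+fail-on-severity: 'critical'
+ignore:
+# Statuses
+- fix-state: not-fixed
+- fix-state: unknown
+- fix-state: wont-fix
+# Vulnerabilities
+# How to fix them:
+# - remove the entry you aim to fix from the following list
+# - check in the CI that is failing
+# - patch/update the target dependency accordingly
+# - the CI should be green and that's it
+## Criticals
+### Go
+- vulnerability: GHSA-v778-237x-gjrc
+package:
+name: golang.org/x/crypto
+type: go-module
+version: v0.0.0-20210322153248-0c34fe9e7dc2
+- vulnerability: GHSA-v778-237x-gjrc
+package:
+name: golang.org/x/crypto
+type: go-module
+version: v0.0.0-20220829220503-c86fa9a7ed90
+- vulnerability: CVE-2024-24790
+package:
+name: stdlib
+type: go-module
+version: go1.15.5
+- vulnerability: CVE-2023-29405
+package:
+name: stdlib
+type: go-module
+version: go1.15.5
+- vulnerability: CVE-2023-29404
+package:
+name: stdlib
+type: go-module
+version: go1.15.5
+- vulnerability: CVE-2023-29402
+package:
+name: stdlib
+type: go-module
+version: go1.15.5
+- vulnerability: CVE-2023-24540
+package:
+name: stdlib
+type: go-module
+version: go1.15.5
+- vulnerability: CVE-2023-24538
+package:
+name: stdlib
+type: go-module
+version: go1.15.5
+- vulnerability: CVE-2023-24531
+package:
+name: stdlib
+type: go-module
+version: go1.15.5
+- vulnerability: CVE-2022-23806
+package:
+name: stdlib
+type: go-module
+version: go1.15.5
+- vulnerability: CVE-2021-38297
+package:
+name: stdlib
+type: go-module
+version: go1.15.5
+- vulnerability: CVE-2020-29511
+package:
+name: stdlib
+type: go-module
+version: go1.15.5
+- vulnerability: CVE-2020-29509
+package:
+name: stdlib
+type: go-module
+version: go1.15.5
+- vulnerability: CVE-2024-24790
+package:
+name: stdlib
+type: go-module
+version: go1.18.8
+- vulnerability: CVE-2023-29405
+package:
+name: stdlib
+type: go-module
+version: go1.18.8
+- vulnerability: CVE-2023-29404
+package:
+name: stdlib
+type: go-module
+version: go1.18.8
+- vulnerability: CVE-2023-29402
+package:
+name: stdlib
+type: go-module
+version: go1.18.8
+- vulnerability: CVE-2023-24540
+package:
+name: stdlib
+type: go-module
+version: go1.18.8
+- vulnerability: CVE-2023-24538
+package:
+name: stdlib
+type: go-module
+version: go1.18.8
+- vulnerability: CVE-2023-24531
+package:
+name: stdlib
+type: go-module
+version: go1.18.8
+### Npm
+- vulnerability: GHSA-phwq-j96m-2c2q
+package:
+name: ejs
+type: npm
+version: 2.7.4
+- vulnerability: GHSA-vjh7-7g9h-fjfh
+package:
+name: elliptic
+type: npm
+version: 6.5.7
+- vulnerability: GHSA-593f-38f6-jp5m
+package:
+name: koa
+type: npm
+version: 2.15.3
+- vulnerability: GHSA-76p3-8jx3-jpfq
+package:
+name: loader-utils
+type: npm
+version: 0.2.17
+- vulnerability: GHSA-cf4h-3jhx-xvhq
+package:
+name: underscore
+type: npm
+version: 1.7.0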
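Review bot: The three `fix-state` entries at the head of `ignore:` (`not-fixed`, `unknown`, `wont-fix`) discard every match that has no upstream fix before the `fail-on-severity: 'critical'` gate is evaluated, so a critical CVE in a pinned dependency whose fix is still pending or whose status is unclassified never fails this CI. That is a common trade-off when rolling a scanner out, but it should be stated and scheduled: put `# NOTE: findings without an upstream fix are hidden from the fail gate regardless of severity; review on a fixed cadence` above those three lines, or narrow them if the grype version in use supports additional match conditions on those rules. The version-pinned entries below are the right shape, since they stop matching the moment the dependency moves, but none carries a reason or owner, and some are arbitrary-code-execution advisories (e.g. GHSA-phwq-j96m-2c2q in ejs 2.7.4, GHSA-cf4h-3jhx-xvhq in underscore 1.7.0); add a per-entry line such as `# why: build/dev-time only, not shipped; owner: <team>; ticket: MAILWEB-6141` so the list cannot silently become permanent. The eighteen `stdlib` entries for go1.15.5 and go1.18.8 presumably come from prebuilt Go tooling in the tree; bumping that toolchain would clear them all at once. Once the list is trimmed, consider `fail-on-severity: 'high'`, since with the current setting high-severity findings never block.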

9
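--- /dev/null
+++ b/.semgrepignore
@@ -0,0 +1,9 @@
+# Exclude CI and testing folders from being scanned
+ci
+tests
+**/test
+**/testing
+**/tests
+# False positive caused by a template
+packages/components/containers/keys/reactivateKeys/SelectRecoveryFiles.tsx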
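Review bot: The last line excludes the whole of `packages/components/containers/keys/reactivateKeys/SelectRecoveryFiles.tsx` to silence one false positive, which removes every other rule from a file that handles key recovery; prefer an inline `// nosemgrep: <rule-id>` on the offending line, naming the rule so the suppression can be re-checked when the rule changes, and drop the path from this file. Excluding `ci` also takes the pipeline definitions out of the scan, and CI configuration is precisely where semgrep's supply-chain and shell-injection rules apply; if the intent is only to skip test fixtures, keep `ci` scanned. Finally, if, as the semgrep CLI documentation states for a custom `.semgrepignore`, this file replaces the built-in default list rather than extending it, then `node_modules/`, build output and `.git/` are scanned again unless listed here; add `:include .gitignore` and `node_modules/` at the top unless the invoking command already handles that.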