This PR adds CI-level trivy skip-file arguments to bypass the false positive vulnerability findings for the pebble binary in the bare-based rocks. The existing skip-file arguments only contain /bin/pebble, which works for Ubuntu 20.04 and 22.04, but not 24.04, as the pebble executable is in /usr/bin/pebble instead.
Ping the @canonical/rocks team.
Related issues
https://github.com/canonical/chiselled-python/issues/26
This is another approach compared with #290.