From 1eccbe93ac13f5c52df783ab872a2d284ac89f3d Mon Sep 17 00:00:00 2001
From: Natalie Arellano <narellano@vmware.com>
Date: Tue, 13 Aug 2024 15:00:05 -0400
Subject: [PATCH] Add .grype.yaml file to ignore known false positives

Signed-off-by: Natalie Arellano <narellano@vmware.com>
---
 .grype.yaml | 3 +++
 1 file changed, 3 insertions(+)
 create mode 100644 .grype.yaml

diff --git a/.grype.yaml b/.grype.yaml
new file mode 100644
index 000000000..79fe72be3
--- /dev/null
+++ b/.grype.yaml
@@ -0,0 +1,3 @@
+ignore:
+  - vulnerability: CVE-2015-5237 # false positive, see https://github.com/anchore/grype/issues/558
+  - vulnerability: CVE-2021-22570 # false positive, see https://github.com/anchore/grype/issues/558