debug actions

Author: ablack3

.github/workflows/build-test-sign-image.yaml

@@ -147,6 +147,7 @@ jobs:
           vuln-type: library
           severity: HIGH,CRITICAL
           exit-code: "1"
+          trivyignores: .trivyignore
 
       # 2) Release build (PUSH) to GHCR and Azure CR with SBOM + provenance attestations.
       # Multi-platform Linux: amd64 (Intel/AMD) and arm64 (Apple Silicon, ARM). Windows containers need a separate Windows Dockerfile (different base OS).

.trivyignore

@@ -0,0 +1,23 @@
+# Library CVEs from transitive JDBC/Java deps (DatabaseConnector::downloadJdbcDrivers).
+# Versions are controlled by HADES/CRAN; we do not ship or patch these JARs.
+# Re-evaluate when upgrading DatabaseConnector or when HADES updates driver set.
+# See: https://github.com/OHDSI/DatabaseConnector
+
+# jackson-databind (transitive)
+CVE-2022-42003
+CVE-2022-42004
+
+# com.microsoft.sqlserver:mssql-jdbc
+CVE-2025-59250
+
+# commons-io
+CVE-2024-47554
+
+# io.grpc:grpc-netty-shaded
+CVE-2025-55163
+
+# org.apache.commons:commons-compress (Databricks JDBC)
+CVE-2021-35515
+CVE-2021-35516
+CVE-2021-35517
+CVE-2021-36090

Makefile

@@ -0,0 +1,6 @@
+.PHONY: push
+
+push:
+	git add .
+	git commit -m "debug actions"
+	git push