fix: update fail-on-severity value and add ignore for specific vulnerabilities

ncalteen · ncalteen · commit fbc187fbf501 · 2025-08-27T15:12:09.000-04:00
diff --git a/.grype.yml b/.grype.yml
@@ -13,7 +13,7 @@
 # upon scanning, if a severity is found at or above the given severity then the return code will be 1
 # default is unset which will skip this validation (options: negligible, low, medium, high, critical)
 # same as --fail-on ; GRYPE_FAIL_ON_SEVERITY env var
-fail-on-severity: 'high'
+fail-on-severity: high
 
 # the output format of the vulnerability report (options: table, json, cyclonedx)
 # same as -o ; GRYPE_OUTPUT env var
@@ -145,7 +145,7 @@ exclude:
 # stock:
 #   using-cpes: true
 
-# ignore:
-#   # Ignored by default; disputed and unwarranted CVE that causes Megalinter to fail
-#   # @link https://nvd.nist.gov/vuln/detail/CVE-2018-20225
-#   - vulnerability: CVE-2018-20225
+ignore:
+  vulnerabilities:
+    - package: stdlib
+      type: go-module
