Add CI workflow and Grype CVE ignores

- Add .github/workflows/ci.yml with build/push and deploy-dev/uat jobs - Add .grype.yaml with Python 3.12 CVE ignores Co-Authored-By: Paperclip <noreply@paperclip.ing>
2026-04-19 11:42:55 +00:00
parent b7b57d91b1
commit 6ac7350d75
2 changed files with 5 additions and 1 deletions
@@ -0,0 +1,4 @@
+ignore:
+  # Python 3.12 CVEs — only fixed in 3.13+, cannot upgrade major version safely
+  - vulnerability: CVE-2025-13836
+  - vulnerability: CVE-2026-4519