chore(ci): add Grype ignore rules for unreachable base-image findings#539
Merged
chore(ci): add Grype ignore rules for unreachable base-image findings#539
Conversation
Grype currently blocks every PR on high/critical CVEs in base-image layers that PR authors cannot fix (OS packages, the bundled `npm` CLI used only at build time, the base-image Python/Node runtimes). This adds a `.grype.yaml` that narrowly suppresses those findings while leaving real runtime-dependency issues in `/app/node_modules` and `/opt/uv-tools` visible. Philosophy and per-rule rationale are inline in the file. Most entries are expected to roll off as upstream Node, Python, Debian and Alpine images pick up fixes via future toolhive bumps. Validated locally by building and scanning octocode-mcp (picomatch base-image finding → clean), aws-documentation (python stdlib + debian libs → clean), and chroma-mcp (unrelated `mcp` package GHSAs still flagged, as intended). Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
JAORMX
approved these changes
Apr 21, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Adds a
.grype.yamlat repo root that suppresses Grype findings the PR author has no lever to fix: base-image OS packages, the bundlednpmCLI (build-time only), and the base-image Python/Node runtimes. Runtime deps of specific MCP servers (/app/node_modules/…and/opt/uv-tools/…) are intentionally left visible.Every currently open PR is failing
build-containers / Run Grype vulnerability scannerbecause Grype's DB updated 2026-04-21 with new high/critical fixes for packages that ship inside our base images. The scanner is configured withseverity-cutoff: high,only-fixed: true,fail-build: true, so any newly-fixed high/critical in the base image turns every PR red. This change unblocks PRs whose only failure is in the base image, while keeping real server-dep issues blocking as before.What each rule covers and why
package.type: debpython:3.x). Dockyard Dockerfiles neverapt-get installanything of their own. Fix path: base-image rebuild tracked by upstream Debian.package.type: apknode:22-alpine/node:24-alpine). Dockyard Dockerfiles neverapk add. Fix path: base-image rebuild tracked by upstream Alpine.package.location: /usr/local/lib/node_modules/npm/**npmCLI runs only at image build time (tonpm installthe MCP server). It is not invoked by the running server, so CVEs in its internal deps — picomatch via tinyglobby, minimatch, glob, tar, cacache, node-gyp — are not reachable from the server's runtime attack surface.package.location: /usr/local/bin/python*package.location: /usr/local/bin/nodeFull per-rule comments live inline in the file.
What this PR does NOT ignore
These stay blocking and need the upstream MCP server package (or the upstream Go module) to bump vulnerable deps:
/app/node_modules/…findings:next,protobufjs,axios,lodash,basic-ftp,undici,path-to-regexp,@modelcontextprotocol/sdk,fast-xml-parser,oauth2-server,convict, application-levelpicomatch, .../opt/uv-tools/<server>/…findings:fastmcp,mcp(Python SDK),aiohttp,pyjwt,pillow,lupa,langchain-core, .../app/mcp-serverGo stdlib CVEs (thenetbirdMCP binary) — these reroll when toolhive bumps the Go toolchain.Expected impact on open PRs
Should unblock:
octocode-mcpbumps (chore(deps): update dependency octocode-mcp to v14 #534, chore(deps): update dependency octocode-mcp to v13.0.1 #475) — only fails on picomatch in the system npm treechrome-devtools-mcp(chore(deps): update dependency chrome-devtools-mcp to v0.22.0 #525)playwright-mcp(chore(deps): update dependency @playwright/mcp to v0.0.70 #472)Will still fail until upstream fixes:
/app/node_modules/…/opt/uv-tools/…Validation
Built three images locally with
dockhand, scanned withanchore/grypeand the new-c .grype.yaml:local-scan:octocode-test— 3 findings before (picomatch GHSA-c2c7-rcm5-vvqj high + 2 mediums), 0 after.local-scan:aws-doc-test— python stdlib + debian libs before, 0 after.local-scan:chroma-test— still fails on 3 highmcp1.6.0 GHSAs in/opt/uv-tools/chroma-mcp/, as intended (real runtime-dep risk, not a base-image one).Test plan
Build MCP Server ContainersCI on this PR passes (no spec changes, so only a lint-level validation that the config doesn't break the workflow).renovate/octocode-mcp-14.x— expected to go green; (b)renovate/mcp-clickhouse-0.x— expected to still fail onfastmcp, confirming scope is narrow.🤖 Generated with Claude Code