scan:
  skip-files:
    - "usr/sbin/gosu" # CVE patching is far behind and out of our control.
    - "app/gogs/gogs" # False positives on main builds

severity:
  - CRITICAL
  - HIGH

vulnerability:
  ignore-unfixed: true
  type:
    - os
    - library

format: "table"