
certifi dependency false positive.

Open xanderstevenson opened this issue 1 year ago • 3 comments

What happened:

In Cisco Code Exchange, the following vulnerability was found.

| certifi | 2023.7.22 | 2023.07.22 | requirements.txt | GHSA-xqr8-7jwr-rhp7 | Certifi is a curated collection of Root Certificates for validating the trustworthiness of SSL certificates while verifying the identity of TLS hosts. Certifi prior to version 2023.07.22 recognizes "e-Tugra" root certificates. e-Tugra's root certificates were subject to an investigation prompted by reporting of security issues in their systems. Certifi 2023.07.22 removes root certificates from "e-Tugra" from the root store. |
| -- | -- | -- | -- | -- | -- |

What you expected to happen:

User updated certifi to 2023.07.22. Repo was rescanned and vulnerability alert still exists.

How to reproduce it (as minimally and precisely as possible):

Scan GitHub repo for Code Exchange and set certifi version to 2023.7.22 or 2023.07.22

Are there any error messages in KubeClarity logs?

(e.g. kubectl logs -n kubeclarity --selector=app=kubeclarity)

Unknown

Anything else we need to know?:

Environment:

  • Kubernetes version (use kubectl version --short):
  • Helm version (use helm version):
  • KubeClarity version (use kubectl -n kubeclarity exec deploy/kubeclarity -- ./backend version)
  • KubeClarity Helm Chart version (use helm -n kubeclarity list)
  • Cloud provider or hardware configuration:
  • Others:

xanderstevenson, Aug 14 '23 21:08
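The two spellings in the report, 2023.7.22 and 2023.07.22, are the same release under PEP 440 (leading zeros in a release segment carry no meaning, and pip and most tooling write the canonical 2023.7.22). The following Python is an added example, not KubeClarity's code and not posted by the issue author, showing the version-matching check a scanner has to get right in this situation: a correct comparison on parsed release tuples next to a constructed naive check that treats a package as patched only when its version string equals the advisory's fix version exactly. It assumes that this kind of literal string matching is what causes the alert to persist, which the issue does not establish; the `Advisory` record, the "affected: < 2023.07.22" range, the `requirements.txt` contents and the `scan_requirements` helper are all constructed here for illustration.

```python
"""Version matching for the certifi advisory: added example, not KubeClarity code.

Assumptions (not stated in the issue): the advisory record and the
requirements.txt below are constructed from the issue's table row, and the
naive check models a scanner that compares version strings literally.
"""

import re
from dataclasses import dataclass
from typing import List, Tuple


def parse_release(version: str) -> Tuple[int, ...]:
    """Turn a dotted release string into a tuple of ints.

    int("07") == 7, so leading zeros disappear; this is the PEP 440 rule that
    makes 2023.07.22 and 2023.7.22 the same version. Trailing zero segments
    are trimmed so that 1.0 == 1.0.0. Anything that is not a plain release
    segment (e.g. "1.0rc1") raises ValueError on purpose: a scanner should
    fail loudly rather than guess.
    """
    parts = [int(p) for p in version.strip().split(".")]
    while len(parts) > 1 and parts[-1] == 0:
        parts.pop()
    return tuple(parts)


def normalize_name(name: str) -> str:
    """PEP 503 project-name normalization: Certifi == certifi == CERTIFI."""
    return re.sub(r"[-_.]+", "-", name).lower()


@dataclass(frozen=True)
class Advisory:
    ghsa_id: str
    package: str
    fixed_in: str  # first release that is no longer affected (assumed range: < fixed_in)

    def affects(self, installed: str) -> bool:
        """Correct check: compare parsed release tuples, not strings."""
        return parse_release(installed) < parse_release(self.fixed_in)

    def affects_naive(self, installed: str) -> bool:
        """Constructed naive check: 'patched' only on exact string equality.

        This turns the PEP 440-equivalent spelling 2023.7.22 into a false
        positive against fixed_in == "2023.07.22".
        """
        return installed != self.fixed_in


# Constructed from the issue's table row.
CERTIFI_ADVISORY = Advisory(
    ghsa_id="GHSA-xqr8-7jwr-rhp7",
    package="certifi",
    fixed_in="2023.07.22",
)

# Constructed requirements.txt after the user's upgrade; pip emits the
# canonical form 2023.7.22, not 2023.07.22.
REQUIREMENTS = """\
# pinned deps
requests==2.31.0
Certifi==2023.7.22
"""

# Only exact pins (name==version) are considered; other specifiers are skipped.
_PIN = re.compile(r"^\s*([A-Za-z0-9][A-Za-z0-9._-]*)\s*==\s*([0-9][0-9.]*)\s*(?:#.*)?$")


def scan_requirements(
    text: str, advisories: List[Advisory], naive: bool = False
) -> List[Tuple[str, str, str]]:
    """Return (package, version, ghsa_id) for every pin an advisory affects."""
    findings = []
    for line in text.splitlines():
        m = _PIN.match(line)
        if not m:
            continue  # comments, blank lines, unpinned requirements
        name, version = normalize_name(m.group(1)), m.group(2)
        for adv in advisories:
            if normalize_name(adv.package) != name:
                continue
            hit = adv.affects_naive(version) if naive else adv.affects(version)
            if hit:
                findings.append((name, version, adv.ghsa_id))
    return findings


if __name__ == "__main__":
    # The naive scanner keeps flagging the patched pin; the PEP 440 one does not.
    print("naive :", scan_requirements(REQUIREMENTS, [CERTIFI_ADVISORY], naive=True))
    print("pep440:", scan_requirements(REQUIREMENTS, [CERTIFI_ADVISORY]))
```

Running the block shows the naive scanner still reporting GHSA-xqr8-7jwr-rhp7 for `Certifi==2023.7.22`, while the release-tuple comparison reports nothing for either spelling and still flags an older pin such as `certifi==2023.5.7`. When triaging a report like this one, the quick check is the same as `parse_release` above: if the installed and fixed versions only differ by leading zeros in a segment, the finding is a matching bug, not a missing patch.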