Extend scancode-config.yml to ignore some vulnerabilities #1271
Assignees
Labels
enhancement
New feature or request
Comments
tdruez
added a commit
that referenced
this issue
Jun 21, 2024
Signed-off-by: tdruez <[email protected]>
tdruez
moved this to In Progress
in CRAVEX moved to https://github.com/orgs/aboutcode-org/projects/8
tdruez
added a commit
that referenced
this issue
Jun 21, 2024
Signed-off-by: tdruez <[email protected]>
tdruez
added a commit
that referenced
this issue
Jun 21, 2024
…1281) * Add ignored_vulnerabilities field on the Project configuration #1271 Signed-off-by: tdruez <[email protected]> * Minor change to the indentation for consistency #1271 Signed-off-by: tdruez <[email protected]> --------- Signed-off-by: tdruez <[email protected]>
|
Merged and documented at https://scancodeio.readthedocs.io/en/latest/project-configuration.html#ignored-vulnerabilities |
github-project-automation
bot
moved this from In Progress
to Done
in CRAVEX moved to https://github.com/orgs/aboutcode-org/projects/8
tdruez
added a commit
that referenced
this issue
Jun 21, 2024
Signed-off-by: tdruez <[email protected]>
pombredanne
moved this from Done
to Validated
in CRAVEX moved to https://github.com/orgs/aboutcode-org/projects/8
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
The same way we can ignore paths and package scopes, it could be useful to ignore certain vulnerabilities in the context of a project. The ignore could be based either on a CVE or in a VCID. It could be useful to also have a comment that explain why we ignore this.
The text was updated successfully, but these errors were encountered: