fix: Scan job fails even though CVE is on ignore list #42
Conversation
| @@ -247,12 +267,11 @@ const main = async () => { | |||
| console.log('=================') | |||
| console.log(`${total.toString().padStart(3, ' ')} Total ${getCount('total', ignoredCounts)}`) | |||
|
|
|||
| const numFailingVulns = | |||
| failThreshold === 'informational' ? total - ignoredCounts.informational | |||
There was a problem hiding this comment.
I'm not sure how to deal with indeterminate.
indeterminate is included in the numFailingVulns only when failThreshold equals informational because total includes indeterminate.
There was a problem hiding this comment.
I haven't seen any indeterminate vulnerabilities, they might exist only in concept. Let's go with your approach for now -- we can revise the code later if there are issues.
| failThreshold === 'informational' ? total - ignoredCounts.informational | ||
| : failThreshold === 'low' ? critical + high + medium + low - ignoredCounts.low | ||
| : failThreshold === 'medium' ? critical + high + medium - ignoredCounts.medium | ||
| : failThreshold === 'high' ? critical + high - ignoredCounts.high |
There was a problem hiding this comment.
We should also subtract ignoredCounts.critical.
| @@ -247,12 +267,11 @@ const main = async () => { | |||
| console.log('=================') | |||
| console.log(`${total.toString().padStart(3, ' ')} Total ${getCount('total', ignoredCounts)}`) | |||
|
|
|||
| const numFailingVulns = | |||
| failThreshold === 'informational' ? total - ignoredCounts.informational | |||
There was a problem hiding this comment.
I haven't seen any indeterminate vulnerabilities, they might exist only in concept. Let's go with your approach for now -- we can revise the code later if there are issues.
|
@alexjurkiewicz |
|
Tagged v2.0.1 |
fix: #23
When you ignore vulnerabilities in multiple severities, even though you ignore all vulnerabilities, scan job still fails.