Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

errorMissedIgnores parameter #48

Merged
merged 3 commits into from
Aug 2, 2024
Merged

errorMissedIgnores parameter #48

merged 3 commits into from
Aug 2, 2024

Conversation

josh-linushealth
Copy link
Contributor

@josh-linushealth josh-linushealth commented Jun 24, 2024
edited
Loading

Introduces parameter to only raise a warning when CVE's defined in the ignore list are not found in scan results. Currently this will result in an error.

This parameter defaults to true as to remain a non-impactful change.

@josh-linushealth josh-linushealth mentioned this pull request Jun 24, 2024
Closed
@pzi
Copy link
Collaborator

pzi commented Jul 1, 2024

Heya, thanks for the PR.

Your code makes it a warning instead of an error to fail a build, which is fine, but I suppose I wouldn't call it "ignore".
You could rename the parameter to something like "missedCVELogLevel" (or whatever sounds better) and the possible values would be "warn" or "error". This way it's clearer what's going to happen.

Additionally, please update the README where appropriate.

Thanks

pzi
pzi requested changes Jul 1, 2024
View reviewed changes
pzi
pzi reviewed Jul 25, 2024
View reviewed changes
pzi
pzi reviewed Jul 25, 2024
View reviewed changes
Copy link
Collaborator

@pzi pzi left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Happy to approve if @alexjurkiewicz is, too.

@josh-linushealth @pzi
Update action.yml
e33cbe3 
Co-authored-by: Patrik Affentranger <[email protected]>
@josh-linushealth josh-linushealth requested a review from pzi July 29, 2024 14:21
@pzi pzi merged commit a17ece3 into alexjurkiewicz:master Aug 2, 2024
@pzi pzi linked an issue Aug 2, 2024 that may be closed by this pull request
Ignore List gives error when CVE not present #13
Closed
pzi

This comment was marked as duplicate.

Sign in to view

pzi
pzi reviewed Aug 2, 2024
View reviewed changes
Copy link
Collaborator

@pzi pzi left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM, thanks @josh-linushealth

ps: Idk what's going on, github keeps telling me i need to review this :(. I will just ignore it from now on...

@alexjurkiewicz
Copy link
Owner

alexjurkiewicz commented Aug 5, 2024 via email

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@pzi pzi pzi requested changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Ignore List gives error when CVE not present
3 participants
@josh-linushealth @pzi @alexjurkiewicz