ScanConfig: add "indirect-cve-whitelist" to scanner YAML configuration #453

srmish-jfrog · 2023-12-13T07:59:19Z

Add support for applicability scanning of indirect (transitive) CVEs. This is done by sending a separate list of detected indirect CVEs (indirect-cve-whitelist) to the applicability scanner YAML configuration file.

Also requires an update of "Analyzer Manager" to version 1.6.0

Reference implementation from VSC plugin -
jfrog/jfrog-vscode-extension#450

srmish-jfrog added the feature request New feature or request label Dec 13, 2023

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

ScanConfig: add "indirect-cve-whitelist" to scanner YAML configuration #453

ScanConfig: add "indirect-cve-whitelist" to scanner YAML configuration #453

srmish-jfrog commented Dec 13, 2023 •

edited

ScanConfig: add "indirect-cve-whitelist" to scanner YAML configuration #453

ScanConfig: add "indirect-cve-whitelist" to scanner YAML configuration #453

Comments

srmish-jfrog commented Dec 13, 2023 • edited

srmish-jfrog commented Dec 13, 2023 •

edited