v1.21.0 - Ratcheting mode for CI adoption with existing vulnerability debt

@sonukapoor sonukapoor released this 09 Jun 13:00
v1.21.0
d9fb007

Added

  • Ratcheting mode: run cve-lite . --ratchet once to snapshot current findings into .cve-lite/baseline.json. All subsequent scans automatically suppress known findings and only report new ones introduced above the baseline. No CI flag changes needed - the baseline file's presence activates suppression.

Docs

  • New dedicated Ratcheting Mode page
  • MAL- advisory handling and unverifiable private source findings documented in how-remediation-works

Validation

  • npm test
  • npm run build