-
Notifications
You must be signed in to change notification settings - Fork 529
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
grype is showing (suppressed) issues even though they aren't requested. #1053
Comments
Thanks for reporting! We've confirmed the behavior and will get a fix in soon for this. |
I was looking through the v0.54.0..v0.55.0 diff and noticed this change: https://github.com/anchore/grype/compare/v0.54.0..v0.55.0#diff-e12805a26e8031bd6f10e235003454ad4ebd52a6af6c78c740df26193e41d28dL29-L33 The original code was: case tableFormat:
if presenterConfig.showSuppressed {
return table.NewPresenter(matches, packages, metadataProvider, ignoredMatches)
}
return table.NewPresenter(matches, packages, metadataProvider, nil) While the updated code looks obviously wrong (since the condition branch is exactly the same): case tableFormat:
if c.showSuppressed {
return table.NewPresenter(pb)
}
return table.NewPresenter(pb) Naively, it looks like a |
@miquella let me see if I can add that check and get caught up on this issue - |
Hello,
|
Hi @jamestran201, please do! It's all yours. I believe you are correct, the desired behavior is to not show suppressed vulnerabilities unless the flag is passed, but at the moment the behavior is not correct. Please feel free to stop by our Slack (https://get.anchore.com/join-anchore-community/) and we can help out. Thanks! |
What happened:
when I run grype with only the option "--only-fixed" the output generated includes "(suppressed)" issues even though I'm not using the option "--show-suppressed".
What you expected to happen:
Results with "(suppressed)" should only be shown if explicitly using the option "--show-suppressed"
How to reproduce it (as minimally and precisely as possible):
run
grype --only-fixed httpd:2.4.54-alpine
Output I get
Anything else we need to know?:
Environment:
The text was updated successfully, but these errors were encountered: