Another thing which might potentially be useful (and should probably be configurable on individual ecosystem matcher level) could be if we find an NVD match and that CVE has a GHSA for another ecosystem (and the ecosystem we're matching for is supported by GitHub) we filter it out. Hopefully that makes sense but if not I can try and explain it better.
Yes, so I'm already working on a feature for this internally. It will be configurable to define some hierarchy of namespaces which should be considered authoritative. I'll let you know when I'm ready with it so you can evaluate.
Another thing which might potentially be useful (and should probably be configurable on individual ecosystem matcher level) could be if we find an NVD match and that CVE has a GHSA for another ecosystem (and the ecosystem we're matching for is supported by GitHub) we filter it out. Hopefully that makes sense but if not I can try and explain it better.
Originally posted by @westonsteimel in #390 (comment)