Show all vulnerabilities, even suppressed #887
Comments
(1) Good enhancement. Our company could use this too.
|
This sounds like a great addition! We would like the default behavior to remain the same but we absolutely accept PRs for things like this! |
Hi grype maintainers! I would like to contribute and assist with this. |
@vimalpatel19 that would be great! I'd suggest maybe we think about adding |
@kzantow Got it! Before I begin working on this, I just wanted to confirm the context for this: Instead of not adding the filtered out vulnerabilities to the output list, we will instead include them and append |
@vimalpatel19 yeah, something like that... maybe the flag could be |
Regarding "--include-suppressed": I see a certain symmetry below, with what Grype has today.
|
@freedom-isnotanarchy makes sense. I was leaning towards |
@kzantow do you think we need to implement this flag for just the table output format? Or should it also be implemented for the other output formats that don't already print the suppressed items? |
@kzantow I have opened up the following pull request above with initial changes. Can you please review when you get a chance? |
Just to make sure this issue is updated with the same info as the PR: #966 (comment) I think we should just update the table to include this 👍 |
Sounds good, I will proceed with just the table output format then! |
Seems like this is "always" the default but it shouldn't. |
What would you like to be added:
We're using Grype together with Syft in our CI pipeline to scan built images. We are also using a suppression file to mitigate problems.
However, I haven't found a way to show all unfiltered vulnerabilities of a scan. So I'd like to see even the suppressed vulnerabilities in the output list. Maybe a
(suppressed)
should be added after the name.
Why is this needed:
When using Grype in our CI pipeline with suppression, we don't see what is suppressed without looking at the suppression file.