Hide suppressed vulnerabilities when --show-suppressed is not given #1322
Conversation
Signed-off-by: James Tran <jamestran201@github.com>
| packages := generatePackages(t) | ||
| matches := generateMatches(t, packages[0], packages[0]) | ||
| ignoredMatches := generateIgnoredMatches(t, packages[1]) |
There was a problem hiding this comment.
generatePackages() returns 2 packages. I wanted to use one package for generating ignored matches, so I passed the first package twice to generateMatches(). This feels a bit strange, but I'm not sure how to change it.
|
Thanks for the awesome fix @jamestran201! It looks like there has been some drift in the source of truth for grype's config structs that this PR highlights pretty welll (not that we have to address it here). When I was doing a quick review I noticed that
cc @wagoodman @kzantow since they've been doing some work on config refactors across our tooling, but I 🟢 this PR as a good fix with this comment serving as a promise to address the code confusion and possibly eventually stick |
|
@spiffcs there are some oddities here, but I'll take off the 20-20 glasses for a second and answer:
Overall, there is a need to cleanup these objects (and a reevaluation of some of them too as you pointed out). |
Closes #1053
This PR fixes a bug where suppressed vulnerabilities are displayed even though the
--show-suppressedflag is not provided. The fix is made by checking the value of theshowSuppressedoption before including the suppressed vulns in the result. This PR also adds tests to assert the behaviour with/without--show-suppressed.