Exclude options #547
Labels
enhancement
New feature or request
Comments
|
We should figure out a way to disambiguate "exclude" as a coined term within Syft and Grype. We're also using "exclude" to refer to a slightly different functionality from Grype's ignore rules, referring instead to omitting certain file paths from Syft/Grype's scan in the first place. See #221 |
|
@wagoodman this is not exactly the same thing, no |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
What would you like to be added:
Ability to exclude items from the reports -- quite possibly ported and/or moved from the Grype excludes.
Why is this needed:
Some projects include only a small portion of a library that may be reported as vulnerable. It is not accurate to report these as "included".
Additional context:
Talking with the containerd folks, there are some packages which could result in false positive vulnerability scans, or even somewhat falsely reported as included because they are only using one package out of many, it would be very useful to prescriptively exclude certain results: https://cloud-native.slack.com/archives/CGEQHPYF4/p1634051863179900?thread_ts=1633986885.169500&cid=CGEQHPYF4
The text was updated successfully, but these errors were encountered: