Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add expiration time for allow list items #277

Closed
villesau opened this issue Jun 10, 2022 · 1 comment · Fixed by #284
Closed

Add expiration time for allow list items #277

villesau opened this issue Jun 10, 2022 · 1 comment · Fixed by #284
Labels
enhancement New feature or request good first issue Good for newcomers

Comments

@villesau
Copy link

In many cases there's not much that you can do for the vulnerability at the time it is alerted. However, maybe the fix is being worked on but not released. For this purpose it would make sense to have expiry times for ignored vulnerabilities so that the developer remembers to check it again after a while. For the reference, better-npm-audit support such functionality via expiry field: https://github.com/jeemok/better-npm-audit#using-nsprc-file-to-manage-exceptions

@quinnturner quinnturner added enhancement New feature or request good first issue Good for newcomers labels Jun 10, 2022
@Undistraction
Copy link

This would also be useful in cases where a policy dictates different time windows for different levels of advisory (e.g. 7 days for low vulnerabilities, 24 hours for critical etc). Without this addition, the only option is to either immediately action the fix, or to add the advisory to the ignored list, where it can easily be forgotten.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
enhancement New feature or request good first issue Good for newcomers
Projects
None yet
Development

Successfully merging a pull request may close this issue.

3 participants