Requirement

As a security engineer, I want to adopt vet in CI/CD as a security gate to prevent the introduction of new packages that violate my policy, so that I can prevent increasing security and technical debt while I work on mitigating the existing problem.

This basically means we need to provide a way to add the existing findings at the time of adoption into an exception list. The filters can ignore packages in the exception list to prevent vet failing in CI for existing packages.
Proposed Workflow
Use the vet query command to generate the exception list:

```
vet query --from /path/to/json-dump --exception-add --exception-file /path/to/exceptions.yml
```

Subsequently, when the filter query is executed, the packages in the exception list should be ignored. vet should also load a default exceptions file if available from:

```
$PWD/.vet/exceptions.yml
$scanDirectory/.vet/exceptions.yml
```
CI Integration
The generated exceptions.yml should be pushed to the repository in a standard path for autoload, such as .vet/exceptions.yml, or explicitly passed as a param during the scan:

```
vet scan -D /path/to/repo --exception-file /path/to/exception.yml --filter '...' --filter-fail
```
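To make the proposed semantics concrete, here is an added example (not vet's own code) that models the two halves of the workflow: the same policy query produces the exception list at adoption time and, once that list is loaded, fails the scan only on new violations. It also implements the lookup order for the default exceptions file. The package fields, the key format `ecosystem/name@version` and the flat YAML shape of exceptions.yml are assumptions; the issue does not specify them.

```go
package main

import (
	"os"
	"path/filepath"
	"strings"
)

// Package is one dependency from a vet JSON dump; Key is the assumed exception-list identity.
type Package struct{ Ecosystem, Name, Version string }

func (p Package) Key() string { return p.Ecosystem + "/" + p.Name + "@" + p.Version }

// Violations lists packages that fail the policy filter and are not excepted. With a nil
// set it acts like "vet query --exception-add"; with the loaded set, like "vet scan --filter-fail".
func Violations(pkgs []Package, violates func(Package) bool, excepted map[string]bool) []string {
	var keys []string
	for _, p := range pkgs {
		if violates(p) && !excepted[p.Key()] {
			keys = append(keys, p.Key())
		}
	}
	return keys
}

// MarshalExceptions writes the assumed flat YAML shape of exceptions.yml.
func MarshalExceptions(keys []string) string {
	if len(keys) == 0 {
		return "exceptions: []\n"
	}
	return "exceptions:\n  - " + strings.Join(keys, "\n  - ") + "\n"
}

// ParseExceptions reads that shape back into a set; lines that are not list items are ignored.
func ParseExceptions(doc string) map[string]bool {
	set := map[string]bool{}
	for _, line := range strings.Split(doc, "\n") {
		if l := strings.TrimSpace(line); strings.HasPrefix(l, "- ") {
			set[strings.TrimSpace(l[2:])] = true
		}
	}
	return set
}

// ResolveExceptionFile: explicit flag, then $PWD/.vet/exceptions.yml, then $scanDirectory/.vet/exceptions.yml.
func ResolveExceptionFile(explicit, pwd, scanDir string) (string, bool) {
	for _, c := range []string{explicit, filepath.Join(pwd, ".vet", "exceptions.yml"), filepath.Join(scanDir, ".vet", "exceptions.yml")} {
		if _, err := os.Stat(c); c != "" && err == nil {
			return c, true
		}
	}
	return "", false
}
```

Note that an exception is keyed on the exact version: upgrading an excepted package to another version that still violates the policy is reported as a new violation, which is the intended gate behaviour.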
```
vet query --generate-exception --from /path/to/json-dump --exception-out-file /path/to/exceptions.yml
```

OR

```
vet generate-exception --from /path/to/json-dump --exception-out-file /path/to/exceptions.yml
```
We can also suggest it as a step while generating the GitHub Action, or even generate it?