Allow ignoring CVEs #42
Comments
Hej! Thanks for giving Here is my idea. Let me know what you think and whether you want to work on it or not :) Otherwise I will try to add it within the next weeks as I'm a little swamped with work ATM.
A file containing a list of identifiers of the findings to be ignored from the various sources should be easy enough to implement, e.g. a file `.skjoldignore`.
I'm not yet sure how output should be handled though, and whether ignored findings should still be presented somehow. Maybe add a small note to
Adding an additional optional parameter: `skjold audit -I pyup.io-25625,GHSA-xwhf-g6j5-j5gc ./requirements.txt`. What do you think?
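Added example, not skjold's own code: a sketch of how the two mechanisms proposed in this comment (a `.skjoldignore` file plus a comma-separated `-I` option) could be combined, and one answer to the open question above about output, namely listing ignored findings separately instead of dropping them silently and warning about ignore entries that no longer match anything. The file format (one identifier per line, `#` comments), the `Finding` structure and all sample findings are assumptions made for the example; the identifiers `EXAMPLE-0001` and `STALE-9999` are placeholders.

```python
"""Illustrative ignore-list handling for a dependency audit.

Not skjold's own implementation: the '.skjoldignore' format (one identifier
per line, '#' comments), the Finding structure and the sample data below are
assumptions made for this example.
"""
import argparse
from dataclasses import dataclass
from pathlib import Path
from typing import Iterable, List, Optional, Set, Tuple


@dataclass(frozen=True)
class Finding:
    identifier: str  # e.g. "pyup.io-25625" or "GHSA-xwhf-g6j5-j5gc"
    package: str
    version: str
    source: str


def parse_ignore_text(text: str) -> Set[str]:
    """Parse '.skjoldignore' content: one identifier per line, blank lines
    skipped, '#' starts a comment (full-line or inline)."""
    ignored = set()
    for raw in text.splitlines():
        entry = raw.split("#", 1)[0].strip()
        if entry:
            ignored.add(entry)
    return ignored


def parse_cli_ignores(value: Optional[str]) -> Set[str]:
    """Parse the proposed `-I a,b,c` option; tolerates spaces and empty items."""
    if not value:
        return set()
    return {item.strip() for item in value.split(",") if item.strip()}


def audit(findings: Iterable[Finding], ignored: Set[str]
          ) -> Tuple[List[Finding], List[Finding], Set[str]]:
    """Split findings into (reported, ignored) and return ignore entries that
    matched nothing, so stale entries can be flagged rather than forgotten."""
    reported, skipped = [], []
    for finding in findings:
        (skipped if finding.identifier in ignored else reported).append(finding)
    unused = ignored - {f.identifier for f in findings}
    return reported, skipped, unused


def exit_code(reported: List[Finding]) -> int:
    """Non-zero only for findings that were not ignored, so CI stops failing
    for a known issue that is waiting on a migration."""
    return 1 if reported else 0


# Constructed sample data; packages and the last two identifiers are made up.
SAMPLE_FINDINGS = [
    Finding("pyup.io-25625", "libfoo", "1.2.3", "pyup.io"),
    Finding("GHSA-xwhf-g6j5-j5gc", "libfoo", "1.2.3", "github"),
    Finding("CVE-2020-28463", "libbar", "3.5.0", "pyup.io"),
    Finding("EXAMPLE-0001", "libbaz", "0.9.0", "github"),
]

SAMPLE_IGNORE_FILE = """
# constructed example of a .skjoldignore file
pyup.io-25625          # waiting on the libfoo 2.x migration
GHSA-xwhf-g6j5-j5gc
STALE-9999             # no longer reported; should be flagged as unused
"""


def main(argv: Optional[List[str]] = None) -> int:
    parser = argparse.ArgumentParser(description="ignore-list demo (hypothetical)")
    parser.add_argument("-I", "--ignore", help="comma-separated identifiers to ignore")
    parser.add_argument("--ignore-file", type=Path, default=Path(".skjoldignore"))
    args = parser.parse_args(argv)
    # Use an on-disk ignore file when present, otherwise the constructed sample.
    text = (args.ignore_file.read_text(encoding="utf-8")
            if args.ignore_file.is_file() else SAMPLE_IGNORE_FILE)
    ignored = parse_ignore_text(text) | parse_cli_ignores(args.ignore)
    reported, skipped, unused = audit(SAMPLE_FINDINGS, ignored)
    for f in reported:
        print(f"FAIL    {f.package}=={f.version}: {f.identifier} ({f.source})")
    for f in skipped:  # still visible, just not fatal
        print(f"IGNORED {f.package}=={f.version}: {f.identifier} ({f.source})")
    for ident in sorted(unused):
        print(f"WARNING ignore entry {ident!r} matched no finding; remove it?")
    print(f"{len(reported)} finding(s) reported, {len(skipped)} ignored")
    return exit_code(reported)


if __name__ == "__main__":
    raise SystemExit(main())
```

Run as `python ignore_demo.py -I CVE-2020-28463` to see one reported finding, three ignored ones and a warning for the stale entry. Ignoring by exact identifier rather than by package keeps the scope narrow: a new advisory for the same package is still reported, and ignore entries that stop matching are surfaced so they get cleaned up after the migration.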
I started implementing a slightly different approach after discovering how
Added it to
Motivation:
- One might need a way to ignore a vulnerability until a migration to a new library takes place, so that `safety check` does not fail every day until you migrate.
- For example, if you faced a CVE like this: https://nvd.nist.gov/vuln/detail/CVE-2020-28463