ZupIT/horusec

Exclude the line number in vulnerability hash in some files

fadhilthomas opened this issue · 2 comments

What happened:
I use Horusec to scan my repositories, most of which are in the Go language, and I found vulnerable dependencies in my go.sum files. Currently, I can't update the dependency to resolve the vulnerability findings, so I set the vulnerability status to Risk Accept in the Horusec dashboard for a moment. The problem is that when go.sum is modified, the vulnerability findings come up again and become new vulnerabilities because the vulnerability hash changes. Is it possible for me to exclude the line number from the vulnerability hash for some files?

How to reproduce it (as minimally and precisely as possible):

Anything else we need to know?:

Environment:

  • Horusec version (use horusec version): 2.8.0
  • Operating System:
  • Network plugin / Tool and version (if this is a network-related / tool bug):
  • Others:

Hello @fadhilthomas, thanks for your contribution.
This problem is already known to us through issue #699; we will report any news too :)

You can also see the open issue #990.
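The behaviour reported in this issue, as an added example that is not Horusec's own code: a fingerprint that includes the line number changes when an unrelated entry is added to go.sum, while one keyed on module and version does not. The `Finding` type, the function names, the SHA-256 digest, the `example.com` modules and `EXAMPLE-RULE` are all assumptions made for illustration; the page does not show how Horusec actually builds its hash.

```go
package main

import (
	"crypto/sha256"
	"fmt"
	"strings"
)

// Finding is a hypothetical record for this example, not Horusec's own type.
type Finding struct {
	RuleID, File, Code string
	Line               int
}
func digest(parts ...string) string {
	return fmt.Sprintf("%x", sha256.Sum256([]byte(strings.Join(parts, "\x00"))))
}

// LineHash includes the line number, so it changes whenever the file shifts.
func LineHash(f Finding) string {
	return digest(f.RuleID, f.File, fmt.Sprint(f.Line), f.Code)
}

// StableHash keys go.sum findings on module and version; other files keep LineHash.
func StableHash(f Finding) string {
	fields := strings.Fields(f.Code)
	if !strings.HasSuffix(f.File, "go.sum") || len(fields) < 2 {
		return LineHash(f)
	}
	return digest(f.RuleID, f.File, fields[0], strings.TrimSuffix(fields[1], "/go.mod"))
}

// Locate returns the finding for module@version in go.sum content.
func Locate(goSum, module, version, rule string) (Finding, bool) {
	for i, line := range strings.Split(goSum, "\n") {
		if f := strings.Fields(line); len(f) == 3 && f[0] == module && f[1] == version {
			return Finding{RuleID: rule, File: "go.sum", Code: line, Line: i + 1}, true
		}
	}
	return Finding{}, false
}

// Constructed go.sum contents: After adds one unrelated module above the finding.
const Before = "example.com/vuln v1.2.3 h1:CONSTRUCTED=\n"
const After = "example.com/other v0.1.0 h1:CONSTRUCTED=\n" + Before
func main() {
	a, _ := Locate(Before, "example.com/vuln", "v1.2.3", "EXAMPLE-RULE")
	b, _ := Locate(After, "example.com/vuln", "v1.2.3", "EXAMPLE-RULE")
	fmt.Println(LineHash(a) == LineHash(b), StableHash(a) == StableHash(b))
}
```

Because the version is part of the stable key, a risk acceptance recorded against one module version does not carry over when the dependency is later bumped.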