FR: Option to ignore certain vulnerabilities
wedi opened this issue · 1 comment
wedi commented
suggestion: Hi. It would be cool if this neat tool would offer the possibility to ignore certain vulnerabilities.
While it might lead to some people ignoring dangerous things just to make their pipeline work, sometimes there is a legit reason.
Right now I am facing the issue that the version of a library I am using has a CVE published, but I am not using the affected component at all. Now I am facing the decision to allow my pipeline to pass when a vulnerability is detected or jump through a lot of hoops to update to a version I don't need.
What do you think?
fabpot commented
That's out of the scope of this utility.