fabpot/local-php-security-checker

FR: Option to ignore certain vulnerabilities

wedi opened this issue · 1 comment

wedi commented

suggestion: Hi. It would be cool if this neat tool would offer the possibility to ignore certain vulnerabilities.
While it might lead to some people ignoring dangerous things just to make their pipeline work, sometimes there is a legit reason.

Right now I am facing the issue that the version of a library I am using has a CVE published, but I am not using the affected component at all. Now I am facing the decision to allow my pipeline to pass when a vulnerability is detected or jump through a lot of hoops to update to a version I don't need.

What do you think?

That's out of the scope of this utility.
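Since the checker itself will not suppress advisories, the usual workaround is a CI-side post-filter: run the scanner, parse its report, drop only the advisories that appear on a reviewed allowlist, and fail the job on whatever remains. The script below is an added example (not code from local-php-security-checker or from either participant). It assumes the report has the shape `package -> {version, advisories[{title, link, cve}]}`, which is an assumption about the tool's JSON output rather than something the issue states; the ignore-file format, the sample packages and the `CVE-0000-…` identifiers are constructed placeholders. Each ignore entry carries a reason and an expiry date, so an exception made for an unused component cannot silently outlive its justification.

```python
"""Post-filter for a dependency vulnerability report: allowlist specific
advisories with a documented reason and an expiry date, fail on the rest.

Added example; not part of local-php-security-checker. The report shape
(package -> {version, advisories[{title, link, cve}]}) is an ASSUMPTION
about the tool's JSON output; adjust advisory_id() if yours differs.
"""
import json
import sys
from datetime import date

# Constructed sample report: placeholder packages and placeholder IDs.
SAMPLE_REPORT = {
    "acme/widget": {
        "version": "1.2.3",
        "advisories": [
            {"title": "SSRF in optional HTTP fetcher",
             "link": "https://example.invalid/adv/1", "cve": "CVE-0000-0001"},
            {"title": "RCE in template engine",
             "link": "https://example.invalid/adv/2", "cve": "CVE-0000-0002"},
        ],
    },
    "acme/legacy": {
        "version": "0.9.0",
        "advisories": [
            {"title": "Path traversal (no CVE assigned)",
             "link": "https://example.invalid/adv/3", "cve": ""},
        ],
    },
}

# Constructed ignore list in a hypothetical format: every entry needs a
# reason and an expiry so an ignore is re-justified instead of forgotten.
SAMPLE_IGNORES = [
    {"id": "CVE-0000-0001",
     "reason": "HTTP fetcher is never instantiated in this codebase",
     "expires": "2099-01-01"},
    {"id": "https://example.invalid/adv/3",          # keyed by link: no CVE
     "reason": "endpoint removed in our fork",
     "expires": "2000-01-01"},                        # already expired
]


def advisory_id(adv):
    """Use the CVE when one is assigned, otherwise the advisory link."""
    return adv.get("cve") or adv.get("link")


def active_ignores(ignores, today):
    """Return {id: entry} for ignores that have a reason and are not expired."""
    if isinstance(today, str):
        today = date.fromisoformat(today)
    active = {}
    for entry in ignores:
        if not entry.get("reason"):
            raise ValueError(f"ignore {entry.get('id')!r} has no reason")
        if date.fromisoformat(entry["expires"]) < today:
            continue  # expired: the advisory counts again until re-reviewed
        active[entry["id"]] = entry
    return active


def filter_report(report, ignores, today):
    """Split the report into (remaining, suppressed) using active ignores.

    remaining: same shape as the report, only unsuppressed advisories kept.
    suppressed: list of (package, advisory id, reason) for the CI log.
    """
    active = active_ignores(ignores, today)
    remaining, suppressed = {}, []
    for pkg, info in report.items():
        kept = []
        for adv in info.get("advisories", []):
            aid = advisory_id(adv)
            if aid in active:
                suppressed.append((pkg, aid, active[aid]["reason"]))
            else:
                kept.append(adv)
        if kept:
            remaining[pkg] = {"version": info.get("version"), "advisories": kept}
    return remaining, suppressed


def main(report_path=None, ignore_path=None):
    """Exit 1 if any advisory survives the filter, 0 otherwise."""
    with open(report_path) if report_path else None as f:
        report = json.load(f) if f else SAMPLE_REPORT
    ignores = json.load(open(ignore_path)) if ignore_path else SAMPLE_IGNORES
    remaining, suppressed = filter_report(report, ignores, date.today())
    for pkg, aid, reason in suppressed:
        print(f"ignored {aid} in {pkg}: {reason}", file=sys.stderr)
    print(json.dumps(remaining, indent=2))
    return 1 if remaining else 0


if __name__ == "__main__":
    sys.exit(main(*sys.argv[1:3]))
```

In a pipeline this would run as `local-php-security-checker --format=json > report.json && python filter.py report.json ignores.json`; with no arguments it runs against the embedded samples. Keep the ignore file in the repository and review it in code review like any other security-relevant change.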