kubescape/kubescape

Allow Kubescape image scan to have an allowed exception/CVE list

Opened this issue · 2 comments

Currently Kubescape scan image does not allow us to whitelist CVEs which we accept. This can be useful when wanting to use Kubescape as a quality gate but not wanting to block deployments due to upstream not yet having provisioned a patch, or it being decided to be a won't-fix.

Currently any CVE which reaches the required level (e.g. critical) causes Kubescape to return non-zero. This can be a pain when the actual project has prioritised it as low impact or a won't-fix. E.g. CVE-2023-23914 is marked as critical; however, curl has marked it as a low priority. This vuln only applies to a specific use case of curl which you may or may not be using.

I would love to be able to pass a list of accepted CVEs that I am aware of and accept the risk of deploying, and only have Kubescape return non-zero if a CVE not in this list and of the correct level is found.
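The gate the request describes (fail only on a CVE that is at or above the severity threshold and not on an accepted list) can be implemented as a thin wrapper around any scanner's output. The script below is an added example, not Kubescape's own code and not something the issue proposes as an interface. It assumes the scan result has already been flattened into a list of `{"cve", "package", "severity"}` records, which is a constructed shape and not Kubescape's real output schema; the `CVE-0000-…` identifiers in the sample data are placeholders. The allowlist format (`cve`, `reason`, `owner`, `expires`) is likewise assumed. Beyond the plain allowlist the issue asks for, it adds two caveats a practitioner would want: an exception that has passed its expiry date stops suppressing the finding, and a severity string the gate does not recognise fails closed.

```python
"""Severity-gated CVE allowlist check (added example; not kubescape code).

Input shape and allowlist format are assumptions for illustration.
"""
import json
from datetime import date

# Severity ladder used for the threshold comparison.
SEVERITY_RANK = {"negligible": 0, "low": 1, "medium": 2, "high": 3, "critical": 4}

# Constructed sample: a scan result flattened to one record per CVE.
# NOT kubescape's real output schema; adapt a loader to whatever the scanner emits.
SAMPLE_FINDINGS = [
    {"cve": "CVE-2023-23914", "package": "curl", "severity": "Critical"},
    {"cve": "CVE-0000-00001", "package": "example-lib", "severity": "Critical"},  # placeholder id
    {"cve": "CVE-0000-00002", "package": "example-lib", "severity": "High"},      # placeholder id
]

# Constructed allowlist: every accepted CVE carries a reason, an owner and an
# expiry so that "accepted" never silently turns into "forgotten".
SAMPLE_ALLOWLIST = json.dumps([
    {"cve": "CVE-2023-23914", "owner": "platform-team", "expires": "2099-01-01",
     "reason": "curl rates this low; the affected feature is not used in this image"},
    {"cve": "CVE-0000-00001", "owner": "app-team", "expires": "2000-01-01",
     "reason": "temporary exception"},  # already expired: must not suppress the finding
])


def load_allowlist(text, today):
    """Parse the allowlist JSON.

    Returns ({CVE id: reason} for entries still in force, [expired CVE ids]).
    """
    active, expired = {}, []
    for entry in json.loads(text):
        cve = entry["cve"].upper()
        expires = entry.get("expires")
        if expires and date.fromisoformat(expires) < today:
            expired.append(cve)
            continue
        active[cve] = entry.get("reason", "")
    return active, expired


def evaluate(findings, allowlist, threshold="critical"):
    """Split findings at or above `threshold` into (blocking, accepted) CVE id lists.

    Findings below the threshold are ignored, exactly as the scanner would today.
    """
    min_rank = SEVERITY_RANK[threshold.lower()]
    blocking, accepted = [], []
    for finding in findings:
        cve = finding["cve"].upper()
        # Fail closed: an unrecognised severity string is treated as critical
        # rather than silently dropping below the threshold.
        rank = SEVERITY_RANK.get(finding["severity"].lower(), SEVERITY_RANK["critical"])
        if rank < min_rank:
            continue
        (accepted if cve in allowlist else blocking).append(cve)
    return blocking, accepted


def gate(findings, allowlist_text, threshold="critical", today=None):
    """Return the exit code a CI step should use.

    0 only when every CVE at or above the threshold is on the unexpired allowlist.
    """
    today = today or date.today()
    allowlist, expired = load_allowlist(allowlist_text, today)
    blocking, accepted = evaluate(findings, allowlist, threshold)
    for cve in accepted:
        print(f"ACCEPTED {cve}: {allowlist[cve]}")
    for cve in expired:
        print(f"EXPIRED exception for {cve}; it no longer suppresses anything")
    for cve in blocking:
        print(f"BLOCKING {cve}")
    return 1 if blocking else 0


if __name__ == "__main__":
    import sys
    # Fixed "today" so the sample run is reproducible; the expired entry makes it fail.
    sys.exit(gate(SAMPLE_FINDINGS, SAMPLE_ALLOWLIST, threshold="critical", today=date(2024, 1, 1)))
```

Run against the constructed sample the gate exits 1, because the exception for the placeholder `CVE-0000-00001` has lapsed while the finding is still critical; renewing that entry (or fixing the package) brings it back to 0. Keeping the allowlist in the repository next to the image definition means each accepted CVE goes through code review like any other change.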

Awesome feature request!

Please see the comments in #1568