You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
We're using the new-ish support for ignoring CVEs that we're triaged as not relevant. It's great!
The lists of ignored CVEs are growing though, and we've noticed a few of them are no longer found in the images. Mostly due to fixes being released by the relevant linux distribution.
We'd love an option to fail the build if an ignored CVE is no longer found, to encourage us to tidy up the list incrementally. Would you be open to a PR that implements it?
The text was updated successfully, but these errors were encountered:
We're using the new-ish support for ignoring CVEs that we're triaged as not relevant. It's great!
The lists of ignored CVEs are growing though, and we've noticed a few of them are no longer found in the images. Mostly due to fixes being released by the relevant linux distribution.
We'd love an option to fail the build if an ignored CVE is no longer found, to encourage us to tidy up the list incrementally. Would you be open to a PR that implements it?
The text was updated successfully, but these errors were encountered: