advanced-security dependabot-epss-action issues - Githubissues

advanced-security / dependabot-epss-action

Action to detect if any open :dependabot: Dependabot alert CVEs exceed an EPSS threshold and fail the workflow.

MIT License

1 stars 1 forks source link

issues

Newest

Newest Most commented Recently updated Oldest Least commented Least recently updated

🤖 Fixes #12

#13 felickz closed 1 week ago
0
EPSS = Exploit Prediction Scoring System. Not Ecosystem Package Security Score

#12 Crashedmind closed 1 week ago
1
Enhancement - Status Policy - Decide how to handle non-open alerts that are not "Fixed"

#11 felickz opened 1 month ago
0
Enhancement - Add 🟡 WARN and 🟢 GOOD data to report for any :dependabot: alerts that have crossed the EPSS threshold but are not in OPEN state

#10 felickz opened 1 month ago
1
Enhancement - pull data feed daily via job in this repo to reference data locally

#9 felickz opened 1 month ago
0
Bug - Fix summary emoji bug in report title

#8 felickz closed 1 month ago
0
Enhancement - Add workflow summary

#7 felickz closed 1 month ago
0
Enhancement - Show warning (fail optional) when an alert is auto-dismissed

#6 felickz opened 1 month ago
0
Bug - Handle scenario where dependabot alert exists with no CVE

#5 felickz closed 1 month ago
0
Fix bug - Short circuit when no dependabot alerts exist!

#4 leonsparrowJM closed 1 month ago
2
The workflow fails if there are no dependabot alerts ever generated on the repo

#3 leonsparrowJM closed 1 month ago
1
Add screenshot

#2 felickz closed 2 months ago
0
Feature Request - Dismiss alerts that do not meet a minimum threshold

#1 felickz opened 5 months ago
0