Action to detect if any open Dependabot alert CVEs exceed an EPSS threshold and fail the workflow.
Enhancement - Status Policy - Decide how to handle non-open alerts that are not "Fixed" #11
Open
felickz opened 2 months ago
Should we still report on certain statuses and consider even failing on dismissed items? Add these to the report #10
Currently thinking of having these buckets - could make this a configurable policy on the action.
States: auto_dismissed, dismissed, fixed, open
Dismissed reasons: fix_started, inaccurate, no_bandwidth, not_used, tolerable_risk
Proposed default policy:
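As an added example (not code from the action's repository), a policy evaluator over the alert states and dismissed reasons listed above: the policy table, the attached `epss` field and the sample alerts are constructed for illustration and are not the issue's proposed default.

```javascript
// Added example: bucket Dependabot alerts by state / dismissed_reason, then
// decide per bucket whether to ignore, report, or fail the workflow. Alert
// objects mirror the REST API fields `state`, `dismissed_reason` and
// `security_advisory.cve_id`; `epss` is assumed to be looked up beforehand.

// Constructed policy (an assumption, not the issue's proposed default).
const EXAMPLE_POLICY = {
  open: "fail",
  fixed: "ignore",
  auto_dismissed: "report",
  dismissed: {
    fix_started: "report",
    inaccurate: "ignore",
    no_bandwidth: "fail",
    not_used: "report",
    tolerable_risk: "report",
  },
};

// Bucket key: dismissed alerts are split further by their dismissed_reason.
function bucketFor(alert) {
  return alert.state === "dismissed" ? `dismissed:${alert.dismissed_reason}` : alert.state;
}

// Look up the policy action; unknown states or reasons default to "report"
// so a new API value is surfaced rather than silently ignored.
function actionFor(alert, policy) {
  const entry = policy[alert.state];
  if (entry !== null && typeof entry === "object") {
    return entry[alert.dismissed_reason] ?? "report";
  }
  return entry ?? "report";
}

// Apply the EPSS threshold first, then route each remaining alert by policy.
function evaluateAlerts(alerts, policy, epssThreshold) {
  const buckets = { fail: [], report: [], ignore: [] };
  for (const alert of alerts) {
    if (alert.epss < epssThreshold) continue; // below threshold: out of scope
    const cve = alert.security_advisory.cve_id;
    buckets[actionFor(alert, policy)].push({ cve, bucket: bucketFor(alert), epss: alert.epss });
  }
  return { failed: buckets.fail.length > 0, ...buckets };
}

// Constructed sample alerts with placeholder CVE ids (not real findings).
const SAMPLE_ALERTS = [
  { state: "open", dismissed_reason: null, epss: 0.92, security_advisory: { cve_id: "CVE-0000-0001" } },
  { state: "dismissed", dismissed_reason: "inaccurate", epss: 0.95, security_advisory: { cve_id: "CVE-0000-0002" } },
  { state: "dismissed", dismissed_reason: "no_bandwidth", epss: 0.8, security_advisory: { cve_id: "CVE-0000-0003" } },
  { state: "fixed", dismissed_reason: null, epss: 0.99, security_advisory: { cve_id: "CVE-0000-0004" } },
  { state: "auto_dismissed", dismissed_reason: null, epss: 0.1, security_advisory: { cve_id: "CVE-0000-0005" } },
];
```

Running `evaluateAlerts(SAMPLE_ALERTS, EXAMPLE_POLICY, 0.5)` fails the workflow on the open alert and the no_bandwidth dismissal, while the inaccurate dismissal and the fixed alert land in the ignore bucket.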