Closed josh-linushealth closed 3 months ago
Heya, thanks for the PR.
Your code makes it a warning instead of an error to fail a build, which is fine, but I suppose I wouldn't call it "ignore". You could rename the parameter to something like "missedCVELogLevel" (or whatever sounds better) and the possible values would be "warn" or "error". This way it's clearer what's going to happen.
Additionally, please update the README where appropriate.
Thanks
Thanks for taking care of this, Patrik. Sorry for the lack of response!
On Fri, 2 Aug 2024 at 17:05, Patrik Affentranger @.***> wrote:
@.**** commented on this pull request.
LGTM, thanks @josh-linushealth https://github.com/josh-linushealth
View it on GitHub: https://github.com/alexjurkiewicz/ecr-scan-image/pull/48#pullrequestreview-2215089260
Introduces a parameter to only raise a warning when CVEs defined in the ignore list are not found in scan results. Currently this will result in an error.
This parameter defaults to true so as to remain a non-impactful change.
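
The check discussed in this thread, as an added JavaScript sketch that is not code from the PR or from ecr-scan-image: it reconciles an ignore list against scan findings and reports ignore entries that match nothing either as a warning or as a build-failing error. The option name `missedCVELogLevel` follows the reviewer's suggestion above; the function name, the `{ name, severity }` finding shape, the `error` default and the sample CVE ids are assumptions made for the example.

```javascript
// Added illustration, not the project's implementation.
// Assumptions: findings look like { name, severity }, and the option is called
// missedCVELogLevel with values "warn" or "error" (the reviewer's suggested naming).
function reconcileIgnoreList(findings, ignoreList, missedCVELogLevel = 'error') {
  if (!['warn', 'error'].includes(missedCVELogLevel)) {
    throw new Error(`missedCVELogLevel must be "warn" or "error", got "${missedCVELogLevel}"`);
  }

  // Normalise ids so " cve-2022-9999 " and "CVE-2022-9999" compare equal.
  const ignored = new Set(
    ignoreList.map((id) => id.trim().toUpperCase()).filter(Boolean)
  );
  const seen = new Set(findings.map((f) => f.name.toUpperCase()));

  // Findings that still count against the build after ignores are applied.
  const remaining = findings.filter((f) => !ignored.has(f.name.toUpperCase()));

  // Ignore entries that matched nothing in this scan. These are stale: the
  // image no longer has the CVE, or the id was mistyped and suppresses nothing.
  const missed = [...ignored].filter((id) => !seen.has(id)).sort();

  const warnings = [];
  const errors = [];
  if (missed.length > 0) {
    const msg = `Ignore list contains CVEs not found in scan results: ${missed.join(', ')}`;
    (missedCVELogLevel === 'warn' ? warnings : errors).push(msg);
  }

  return { remaining, missed, warnings, errors, failed: errors.length > 0 };
}

// Constructed sample data (placeholder CVE ids, not real scan output).
const sampleFindings = [
  { name: 'CVE-2023-0001', severity: 'HIGH' },
  { name: 'CVE-2023-0002', severity: 'MEDIUM' },
];
const sampleIgnore = ['CVE-2023-0001', ' cve-2022-9999 '];

const strict = reconcileIgnoreList(sampleFindings, sampleIgnore, 'error');
const lenient = reconcileIgnoreList(sampleFindings, sampleIgnore, 'warn');
console.log(strict.failed, strict.errors);
console.log(lenient.failed, lenient.warnings);
```

In `warn` mode the stale entry still appears in the result, so it can be logged and pruned from the ignore list later instead of silently accumulating.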