anchore / anchore-engine

A service that analyzes docker images and scans for vulnerabilities
Apache License 2.0

Whitelisting particular CVE+package version #1297

Open vmvarga opened 2 years ago

vmvarga commented 2 years ago

Is this a request for help?: Yes
Is this a BUG REPORT or a FEATURE REQUEST? (choose one): FEATURE REQUEST

Currently the vulnerability->package gate trigger has the format "CVE name+package name", i.e. "CVE-2021-40438+httpd-tools", so to exclude a particular CVE for a package it is possible to create the trigger_id CVE-2021-40438+httpd*, which means that any httpd package triggered by this CVE will be excluded via whitelisting. What if we need to create an exclusion for a particular package version? Is there any option, or is it currently unsupported? The question is in the scope of CVE-2021-40438 and CentOS, where httpd version 2.4.6-97.el7.centos.1 is not vulnerable (https://centos.pkgs.org/7/centos-updates-x86_64/httpd-2.4.6-97.el7.centos.1.x86_64.rpm.html) but this version is interpreted as vulnerable by anchore.
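The following is an added illustration, not code from anchore-engine or from the issue author. It shows why a "CVE+package" trigger_id with a glob wildcard cannot express a version (the installed version is simply not part of the trigger_id string being matched), and one client-side workaround a practitioner can apply to evaluation results: suppress a finding only when the installed RPM epoch-version-release is at or above a known backported fix, using rpm's segment-wise version comparison. The finding dictionaries, field names, helper names and the fixed version are assumptions constructed for this example; the fix version is taken from the post above and is not verified here.

```python
"""Anchore-style whitelist matching plus version-aware suppression of
backported fixes. Example code, not anchore-engine's own implementation;
the finding layout and helper names are assumptions for illustration."""
import re
from fnmatch import fnmatchcase

# Constructed sample of vulnerabilities->package findings as a client might
# collect them from an evaluation. The field names are an assumption, not
# the actual anchore-engine gate output schema.
FINDINGS = [
    {"trigger_id": "CVE-2021-40438+httpd-tools", "cve": "CVE-2021-40438",
     "package": "httpd-tools", "version": "2.4.6-97.el7.centos.1"},
    {"trigger_id": "CVE-2021-40438+httpd", "cve": "CVE-2021-40438",
     "package": "httpd", "version": "2.4.6-90.el7.centos.1"},
    {"trigger_id": "CVE-2019-0211+httpd", "cve": "CVE-2019-0211",
     "package": "httpd", "version": "2.4.6-97.el7.centos.1"},
]


def is_whitelisted(trigger_id, whitelist_trigger_ids):
    """Glob-style match of a finding's trigger_id against whitelist entries,
    approximating the '*' wildcard used in 'CVE-2021-40438+httpd*'.
    The trigger_id carries no version, so a version can never be matched."""
    return any(fnmatchcase(trigger_id, pat) for pat in whitelist_trigger_ids)


_SEG = re.compile(r"[0-9]+|[A-Za-z]+")


def rpmvercmp(a, b):
    """rpm-style comparison of a version or release string:
    numeric segments compare numerically, alpha segments lexically,
    a numeric segment sorts newer than an alpha one (no tilde/caret)."""
    if a == b:
        return 0
    sa, sb = _SEG.findall(a), _SEG.findall(b)
    for x, y in zip(sa, sb):
        if x.isdigit() and y.isdigit():
            xi, yi = int(x), int(y)
            if xi != yi:
                return 1 if xi > yi else -1
        elif x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1
        elif x != y:
            return 1 if x > y else -1
    return (len(sa) > len(sb)) - (len(sa) < len(sb))


def parse_evr(evr):
    """Split '[epoch:]version[-release]' into (int epoch, version, release)."""
    epoch, sep, rest = evr.partition(":")
    if not sep:
        epoch, rest = "0", evr
    version, _, release = rest.partition("-")
    return int(epoch), version, release


def evr_cmp(a, b):
    """Compare two EVR strings: epoch first, then version, then release."""
    ea, va, ra = parse_evr(a)
    eb, vb, rb = parse_evr(b)
    if ea != eb:
        return 1 if ea > eb else -1
    c = rpmvercmp(va, vb)
    return c if c else rpmvercmp(ra, rb)


def suppress_backported(findings, fixed_in):
    """Drop a finding only when (cve, package glob) has a recorded backported
    fix and the installed EVR is at or above it; everything else is kept."""
    kept = []
    for f in findings:
        fixed = next((v for (cve, pkg_glob), v in fixed_in.items()
                      if cve == f["cve"] and fnmatchcase(f["package"], pkg_glob)),
                     None)
        if fixed is not None and evr_cmp(f["version"], fixed) >= 0:
            continue
        kept.append(f)
    return kept


# Assumed: the distro's patched build for this CVE is 2.4.6-97.el7.centos.1
# (taken from the post above, not verified here).
FIXED_IN = {("CVE-2021-40438", "httpd*"): "2.4.6-97.el7.centos.1"}

if __name__ == "__main__":
    wl = ["CVE-2021-40438+httpd*"]
    for f in FINDINGS:
        state = "whitelisted" if is_whitelisted(f["trigger_id"], wl) else "reported"
        print(f["trigger_id"], f["version"], state)
    for f in suppress_backported(FINDINGS, FIXED_IN):
        print("still reported after version check:", f["trigger_id"], f["version"])
```

The glob whitelist suppresses every httpd package for the CVE regardless of version, which is the over-broad behaviour the post wants to avoid; the version-aware filter keeps the older httpd build and the unrelated CVE while dropping only the build at or above the recorded fix. The epoch-aware comparison matters because a CentOS update may bump the epoch, which sorts above any version without one.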