Open Conklin-Spencer-bah opened 1 week ago
Hello, thank you for the feature request. We understand your workflows would be improved by being able to exclude individual findings. We will add your feature request to our backlog. I cannot offer an ETA as to when this work would begin; however, this is a topic that we discuss regularly. We also welcome contributions if anyone from the community wishes to help.
Description
Instead of skipping entire files, it would be nice if there were a way to skip individual findings based on an exception. This could be done either by passing in command-line arguments or by having a file, such as a .exceptions file, containing a list of libraries to ignore.
Expected Behavior
Pass individual packages and/or vulnerabilities with them based on a command-line argument.
Actual Behavior
Right now the exception process ignores all of the packages in the SBOM if you specify it. There are cases where only a single package in the file needs to have an exception.