Closed johnwhiteman closed 9 years ago
You mean where we opt not to address a CVE?
Yes. I got ping'd on this today. There will be cases when CVEs may have patches available but we decided not to do it. Maybe this is not the tool but elsewhere where we track our decision and the state is set accordingly.
From: Ikey Doherty [mailto:notifications@github.com] Sent: Tuesday, April 28, 2015 1:30 PM To: ikeydoherty/cve-check-tool Cc: Whiteman, John L Subject: Re: [cve-check-tool] Ignore Patches State (#8)
You mean where we opt not to address a CVE?
— Reply to this email directly or view it on GitHub https://github.com/ikeydoherty/cve-check-tool/issues/8#issuecomment-97198985 . https://github.com/notifications/beacon/ALGQ_T2aM7Ry9fMdLvkziukXYgFZEc2Tks5oD-VVgaJpZM4EK_v_.gif
We've already got that, just create a cve-xxxx-xxxx.nopatch file :)
This is complete now. New status state added. Now reflected in html report.
How do we want to handle cases where patches exist but we don't plan to use them for whatever reason? This is another state that should be added for tracking purposes.