google / osv-scanner

Vulnerability scanner written in Go which uses the data provided by https://osv.dev
https://google.github.io/osv-scanner/
Apache License 2.0
6.01k stars 337 forks

filter out unimportant vulnerabilities from vuln group #1072

Closed hogo6002 closed 2 days ago

hogo6002 commented 3 days ago

https://github.com/google/osv-scanner/pull/968 only filters out unimportant vulnerabilities from pkgVulns.Vulnerabilities but not from pkgVulns.Groups. This causes some unimportant vulnerabilities to still appear in the scanner output. Fixing this issue by ignoring all unimportant vulnerability groups.
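
The gap described above, as an added Go example that is not osv-scanner's own code: the types are hypothetical simplifications, the `Unimportant` flag is an assumption standing in for however importance is decided, and pruning single IDs inside a group (rather than only dropping whole groups) is a generalization.

```go
package main

import "fmt"

// Hypothetical simplified types, not osv-scanner's own definitions.
type Vuln struct {
	ID          string
	Unimportant bool // assumption: importance was decided upstream
}

type PkgVulns struct {
	Vulnerabilities []Vuln
	Groups          [][]string // each group: IDs reported as one finding
}

// FilterBoth drops unimportant entries from the flat list, prunes their IDs
// from every group, and discards groups left empty.
func FilterBoth(p PkgVulns) (out PkgVulns) {
	kept := map[string]bool{}
	for _, v := range p.Vulnerabilities {
		if !v.Unimportant {
			kept[v.ID] = true
			out.Vulnerabilities = append(out.Vulnerabilities, v)
		}
	}
	for _, g := range p.Groups {
		var ids []string
		for _, id := range g {
			if kept[id] {
				ids = append(ids, id)
			}
		}
		if len(ids) > 0 {
			out.Groups = append(out.Groups, ids)
		}
	}
	return out
}

func main() {
	// Constructed sample; the IDs are placeholders.
	p := PkgVulns{
		Vulnerabilities: []Vuln{{"EXAMPLE-1", false}, {"EXAMPLE-2", true}},
		Groups:          [][]string{{"EXAMPLE-1"}, {"EXAMPLE-2"}},
	}
	out := FilterBoth(p)
	fmt.Println(len(out.Vulnerabilities), out.Groups)
}
```

Filtering only `Vulnerabilities` in this sample would leave the `EXAMPLE-2` group in place, which is how a filtered finding can still reach group-based output.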

codecov-commenter commented 3 days ago

Codecov Report

All modified and coverable lines are covered by tests :white_check_mark:

Project coverage is 65.35%. Comparing base (fdca369) to head (e6b1130). Report is 1 commits behind head on main.

Additional details and impacted files

```diff
@@           Coverage Diff           @@
##             main    #1072   +/-   ##
=======================================
  Coverage   65.34%   65.35%
=======================================
  Files         150      150
  Lines       12529    12535    +6
=======================================
+ Hits         8187     8192    +5
- Misses       3882     3883    +1
  Partials      460      460
```
