google / osv-scanner

Vulnerability scanner written in Go which uses the data provided by https://osv.dev
https://google.github.io/osv-scanner/
Apache License 2.0
6.12k stars 343 forks

Filter results by advisory type #623

Open another-rex opened 10 months ago

another-rex commented 10 months ago

Add the ability to filter the vulnerability results by the advisory type.

For example, I might be only interested in malicious packages.

andrewpollock commented 10 months ago

Is there a canonical definition for "advisory type"?

I wonder if this should be by prefix, in the absence of one?

another-rex commented 10 months ago

I don't think there is one, but prefix might be misleading since most prefixes are describing the source rather than the actual type of advisory it is.

andrewpollock commented 10 months ago

> prefix might be misleading

I agree, the malicious packages source is the first source that I'm aware of that introduces this notion of there being a type other than a vulnerability advisory...

github-actions[bot] commented 2 months ago

This issue has not had any activity for 60 days and will be automatically closed in two weeks

github-actions[bot] commented 1 month ago

Automatically closing stale issue