google / osv-scanner

Vulnerability scanner written in Go which uses the data provided by https://osv.dev
https://google.github.io/osv-scanner/
Apache License 2.0

GitHub Reusable Workflow - being able to fail the job by a minimum severity #712

Open fingeromer opened 11 months ago

fingeromer commented 11 months ago

Hi, is there a way to set a minimum CVSS for failing the reusable PR scanner workflow? For example, a new package with a CVE of 2.1 CVSS would only print a log, but wouldn't fail the step.

oliverchang commented 11 months ago

Extending on this, it might make sense to keep this consistent with the prioritisation mechanisms for guided remediation: https://github.com/google/osv-scanner/issues/352

github-actions[bot] commented 4 months ago

This issue has not had any activity for 60 days and will be automatically closed in two weeks

github-actions[bot] commented 4 months ago

Automatically closing stale issue