stacklok / minder

Software Supply Chain Security Platform
https://minder-docs.stacklok.dev/
Apache License 2.0

Add the possibility to pass a list of trusted packages that can be ignored with Trusty rule type #4644

Open samuv opened 1 week ago

samuv commented 1 week ago

Hi!

During this issue, I noticed that there's currently no way to ignore the evaluation of specific packages within the pr_trusty_check configuration.

It might be useful to add an option to define a list of known or accepted risks, allowing users to skip repeated warnings for certain packages. This could help reduce noise and make the review process more efficient.
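To make the request concrete, here is an added example (not Minder's code and not the `pr_trusty_check` evaluator) of how a dependency check could honour an explicit accepted-risk list. The class names, the numeric threshold and the sample dependencies are constructed for illustration; the real rule type's configuration keys are not shown here. The example matches ignore entries on ecosystem plus exact package name and records a justification for each suppressed finding, so the suppression stays auditable.

```python
"""Added example, not part of the Minder project: a dependency check that
skips packages listed as accepted risks while still reporting everything
else below the trust threshold. All names and values below are constructed."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Dependency:
    ecosystem: str   # e.g. "npm" or "pypi"
    name: str
    score: float     # hypothetical trust score, 0..10, higher is better


@dataclass(frozen=True)
class IgnoreEntry:
    ecosystem: str
    name: str
    justification: str   # why the risk was accepted, kept for review


@dataclass(frozen=True)
class Finding:
    dep: Dependency
    reason: str


def evaluate(deps, threshold, ignore_list):
    """Return (findings, suppressed).

    A dependency scoring below `threshold` is reported unless an ignore entry
    matches it on BOTH ecosystem and exact name. Matching on name alone would
    silently suppress a same-named package from a different ecosystem, which is
    exactly the kind of confusion a supply-chain check should not introduce.
    """
    ignored = {(e.ecosystem.lower(), e.name.lower()): e for e in ignore_list}
    findings, suppressed = [], []
    for dep in deps:
        if dep.score >= threshold:
            continue  # trusted enough, nothing to report
        entry = ignored.get((dep.ecosystem.lower(), dep.name.lower()))
        if entry is None:
            findings.append(Finding(dep, f"score {dep.score} below threshold {threshold}"))
        else:
            # accepted risk: record it instead of raising a warning again
            suppressed.append((dep, entry.justification))
    return findings, suppressed


def run_sample():
    """Constructed PR dependency set with one accepted-risk entry."""
    deps = [
        Dependency("npm", "example-pkg-a", 3.2),
        Dependency("pypi", "example-pkg-a", 2.0),   # same name, other ecosystem
        Dependency("npm", "example-pkg-b", 9.1),
    ]
    ignore_list = [
        IgnoreEntry("npm", "example-pkg-a", "internal fork, reviewed by security team (constructed)"),
    ]
    return evaluate(deps, threshold=5.0, ignore_list=ignore_list)


if __name__ == "__main__":
    findings, suppressed = run_sample()
    for f in findings:
        print(f"WARN  {f.dep.ecosystem}/{f.dep.name}: {f.reason}")
    for dep, why in suppressed:
        print(f"SKIP  {dep.ecosystem}/{dep.name}: accepted risk ({why})")
```

Running the sample reports only the PyPI `example-pkg-a` and skips the npm one, showing why the ignore list should be keyed on ecosystem as well as name; a stored justification per entry keeps the accepted-risk list reviewable rather than a silent mute.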

jhrozek commented 5 days ago

I'm going to move this to minder, because the evaluator will have to be adjusted and in general issues in minder have a higher visibility.