Open stealthrabbi opened 1 month ago
this is a good idea. since we dont have a CVE or other stable ID like a vulnerability scanner, we could hijack our fingerprinting logic to use in suppressing findings
https://github.com/xeol-io/xeol/blob/main/xeol/match/fingerprint.go
Thanks. Just to be clear, this is a capability not possible in xeol currently?
Nope, not currently possible
Is it possible to suppress an EOL finding? For example, xeol is indicating that the EOL for spring-boot is coming. THere's no newer version to upgrade to, so i want to suppress this. Is that possible? I do not see any documentation on what the configuration file can take.