Allow whitelisting of CVEs with .cveignore

Dustin Collins requested to merge whitelist-cves-3 into master

This change allows users to ignore CVEs not relevant to their project, for example when the vulnerability does not affect their OS.

The ignore file is a text file passed in as an optional second parameter, with one CVE on each line. Comments are allowed.

Example:

.cveignore

# This is why we whitelisted this
CVE-2019-15548
# This is why we whitelisted that
CVE-2019-10192

Part of gitlab-org/distribution/team-tasks#129 (closed).

Edited by 🤖 GitLab Bot 🤖
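A sketch of how an ignore file in the format described above could be parsed and applied to scan results. This is an added example, not code from this merge request. The finding fields, the function names, the strict ID check, and the stale-entry report are assumptions, and the sample data is constructed.

```python
import re

CVE_RE = re.compile(r"^CVE-\d{4}-\d{4,}$")

# Constructed sample: the example file from the description plus a blank
# line and a mistyped entry (letter O instead of zero).
SAMPLE_IGNORE = """\
# This is why we whitelisted this
CVE-2019-15548

# This is why we whitelisted that
CVE-2019-10192
CVE-2019-1O192
"""

# Constructed scanner output; field names and the placeholder ID are assumptions.
SAMPLE_FINDINGS = [
    {"id": "CVE-2019-15548", "package": "libexample", "severity": "High"},
    {"id": "CVE-0000-0001", "package": "libother", "severity": "Medium"},
]


def parse_cveignore(text):
    """Return (ignored_ids, rejected_lines) from ignore-file text."""
    ignored, rejected = set(), []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank line or comment
        if CVE_RE.match(line.upper()):
            ignored.add(line.upper())
        else:
            # Reject rather than guess, so a typo is visible to the reviewer.
            rejected.append((lineno, line))
    return ignored, rejected


def apply_ignore(findings, ignored):
    """Split findings into reported/suppressed and list unused ignore entries."""
    reported = [f for f in findings if f["id"] not in ignored]
    suppressed = [f for f in findings if f["id"] in ignored]
    stale = sorted(ignored - {f["id"] for f in findings})
    return reported, suppressed, stale


if __name__ == "__main__":
    ignored, rejected = parse_cveignore(SAMPLE_IGNORE)
    reported, suppressed, stale = apply_ignore(SAMPLE_FINDINGS, ignored)
    print("reported:", [f["id"] for f in reported])
    print("suppressed:", [f["id"] for f in suppressed])
    print("stale ignore entries:", stale)
    print("rejected lines:", rejected)
```

Logging suppressed findings and stale entries keeps each ignored CVE reviewable instead of letting the file grow unchecked.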