-
Notifications
You must be signed in to change notification settings - Fork 362
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
suppressing duplicate CVE with osv-scanner 1.5.0 & 1.9.1 #1367
Comments
After more investigation I found the reason was duplicate cve id, where he first one was expired. I did not post full files for security reason.. I had expected that osv-scanner checks for uniqueness. I found that by creating this code that lints the toml file:
Maybe this still counts as a input validation bug for osv-scanner. We discussed internally, we all had expected an error in he case of duplicate CVE id. So leave it open for you to decide if it is user error. <3 |
@G-Rath Can you take a look at adding validation for duplicate config entries when you have time? |
I have problems creating suppression entries for CVE's:
my latest version is
my gradle.lockfile contains this line:
my suppression.toml contains:
the related osv db entry is: https://osv.dev/vulnerability/GHSA-9623-mqmm-5rcf
I run the command like so:
The content of suppressions.toml:
The text was updated successfully, but these errors were encountered: