-
-
Notifications
You must be signed in to change notification settings - Fork 1.3k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add 'suppress until' config to temporarily suppress a vulnerability #1145
Comments
Interesting idea - thanks for the suggestion. It may take us a while to get to this - but PRs are always welcome. |
@jeremylong I'm willing to give this a try.... I'll try to come up with a PR for this |
Note - we still need to update the documentation on this feature. Regardless - Thanks for the PR! |
This thread has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs. |
In a situation where we know a dependency vulnerability fix is incoming, it would be nice to not have to remember to un-suppress it.
For example, CVE-2018-7489 is fixed: FasterXML/jackson-databind#1931
but awaiting release: https://github.com/FasterXML/jackson/wiki/Jackson-Release-2.9.5
Example
Proposed new config added to reenable warnings after specified date:
<until>2018-04-01</until>
Similar to https://github.com/unruly/junit-rules/blob/master/README.md#ignore-tests-until-a-certain-date-or-datetime
The text was updated successfully, but these errors were encountered: