Github action still reports aliases of suppressed vulnerabilities #634
Assignees
Labels
bug
Something isn't working
Comments
Merged
another-rex
added a commit
that referenced
this issue
Nov 27, 2023
Fixes #634 The actual change is just adding an `Aliases` field to the Group output, that combines all the IDs and aliases together. A lot of fixtures had to be updated though. Added an additional test for this in `main_test`, and also modified a test in `osvscanner_internal_tests.go` Also added `omitempty` tag to `PackageInfo.commit` which it should have contained in the first place.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
After adding the OSV-Scanner github action to Package Analysis, (PR action config, scheduled action config), the action picked up the CVE-2020-8911 vulnerability.
Since this does not actually affect us, we followed the suggested remediation steps and suppressed it using this osv-scanner.toml config.
However, the OSV-scanner job still fails on subsequent workflow runs and reports the presence of
GO-2022-0646, which is an alias ofCVE-2020-8911.The text was updated successfully, but these errors were encountered: