
feat: support updating config ignores

Open G-Rath opened this issue 1 year ago • 0 comments

This adds a --update-config-ignores flag that aims to update the osv-detector configs to ignore all found vulnerabilities for the related lockfile if a config exists.

For now I'm keeping this as a draft because while I think it's actually good to go, the main cli tests defeated me a bit as it's painful to craft all the different tests required; that's also why I've not yet done any cleanup or deduplication of the test helpers.

I also had to update the yaml library to v3 in order to support indenting, which required a few other unrelated changes - I'll pull that into a separate PR at some point but I'm not rushing because it adds ~20kb to the binary with no extra advantage (until now).

There are also a few "extensions" on this that could be done, including having the detector note when there are ignored vulnerabilities that are no longer present, a custom indent level, and better handling of existing ignores (rather than requiring --no-config-ignores be set).

G-Rath, Feb 02 '24 00:02
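The merge step the flag performs, as an added example that is not code from osv-detector or this PR: a standard-library Go function that folds newly found IDs into a config's top-level ignore list without duplicating entries, so running it twice is a no-op, and with a chosen indent level. The config shape (a plain list of OSV IDs as `- ID` lines under an unindented `ignore:` key) and the sample IDs are assumptions, not the project's actual format.

```go
package main

import "strings"

// MergeIgnores folds every ID in found into the top-level "ignore:" list of a YAML config
// (shape assumed, not taken from osv-detector: "- ID" lines under an unindented "ignore:" key),
// keeping other lines and existing entries verbatim and writing indent spaces before each "-".
func MergeIgnores(config string, found []string, indent int) string {
	var lines []string
	if body := strings.TrimRight(config, "\n"); body != "" {
		lines = strings.Split(body, "\n")
	}
	pad := strings.Repeat(" ", indent)
	var out, ids []string
	emit := func() { // write existing IDs then new ones, first-seen order, no duplicates
		seen := map[string]bool{}
		var kept []string
		for _, id := range append(ids, found...) {
			if id != "" && !seen[id] {
				seen[id] = true
				kept = append(kept, id)
			}
		}
		if len(kept) == 0 {
			out = append(out, "ignore: []")
			return
		}
		out = append(out, "ignore:")
		for _, id := range kept {
			out = append(out, pad+"- "+id)
		}
	}
	merged := false
	for i := 0; i < len(lines); i++ {
		if k := strings.TrimRight(lines[i], " "); k != "ignore:" && k != "ignore: []" {
			out = append(out, lines[i]) // comments and other keys pass through untouched
			continue
		}
		for i+1 < len(lines) && strings.HasPrefix(strings.TrimSpace(lines[i+1]), "- ") {
			ids = append(ids, strings.TrimSpace(strings.TrimSpace(lines[i+1])[2:]))
			i++ // consume the entries already listed under the key
		}
		emit()
		merged = true
	}
	if !merged { // the config had no ignore list yet, so append one
		emit()
	}
	return strings.Join(out, "\n") + "\n"
}
```

Because the flag suppresses every vulnerability found for the lockfile, the rewritten list is worth reading in the resulting diff so that each ignore stays a deliberate decision.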