
Is there any way to filter redundant security vulnerability entries of the same JS library in the response?

Open mathuriga opened this issue 6 years ago • 3 comments

There could be a possibility to use a JS library in different locations in a project. When I tried to run a Retire.js scan against the project root directory, I got redundant entries for some JS libraries. Is there any way to filter those redundant entries in retire.json?

mathuriga avatar Apr 05 '18 09:04 mathuriga

It currently reports every file it finds that contains a certain vulnerability (or every module), and there is no way to filter that, because they are actually separate findings.

eoftedal avatar Apr 06 '18 07:04 eoftedal

@mathuriga Maybe we could add a flag that would merge redundant findings... Is this something you need for console output, or JSON output?

eoftedal avatar Apr 06 '18 12:04 eoftedal

@eoftedal Yes. I have a requirement to generate a separate JSON output which merges the redundant findings. Is it possible to do this with retire.js?

mathuriga avatar Apr 11 '18 07:04 mathuriga

The CycloneDX-JSON export actually does this, so closing.

eoftedal avatar Feb 17 '23 09:02 eoftedal
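
As an added example (not part of the thread and not retire.js code), one way to merge the redundant findings discussed above is to post-process the regular JSON report and group by component and version while keeping every file path. The report shape and the names `sampleReport`, `vulnKey` and `mergeFindings` are assumptions made here for illustration.

```javascript
// Constructed sample report (not real scan output). Assumed shape: one entry per
// scanned file, each with results[] of { component, version, vulnerabilities[] }.
const sampleReport = [
  { file: "app/static/jquery.min.js", results: [
    { component: "jquery", version: "1.8.1", vulnerabilities: [
      { severity: "medium", identifiers: { summary: "constructed finding A" } } ] } ] },
  { file: "vendor/legacy/jquery.js", results: [
    { component: "jquery", version: "1.8.1", vulnerabilities: [
      { identifiers: { summary: "constructed finding A" }, severity: "medium" } ] } ] },
  { file: "vendor/new/jquery.js", results: [
    { component: "jquery", version: "3.4.0", vulnerabilities: [
      { severity: "low", identifiers: { summary: "constructed finding B" } } ] } ] },
  { file: "app/static/clean.js", results: [] },
];

// Stable key for a vulnerability: object keys are sorted recursively so that
// identical findings serialised in a different key order still collapse to one.
function vulnKey(v) {
  const norm = (x) =>
    Array.isArray(x) ? x.map(norm)
    : x && typeof x === "object"
      ? Object.fromEntries(Object.keys(x).sort().map((k) => [k, norm(x[k])]))
      : x;
  return JSON.stringify(norm(v));
}

// Merge per-file findings into one record per component@version, keeping
// every file path so the location of each copy is not lost.
function mergeFindings(report) {
  // Assumption: the report is a bare array, or an object with the array under `data`.
  const entries = Array.isArray(report) ? report : (report && report.data) || [];
  const merged = new Map();
  for (const { file, results = [] } of entries) {
    for (const { component, version, vulnerabilities = [] } of results) {
      if (vulnerabilities.length === 0) continue; // detected but not vulnerable
      const key = `${component}@${version}`;
      if (!merged.has(key))
        merged.set(key, { component, version, files: new Set(), vulns: new Map() });
      const m = merged.get(key);
      if (file) m.files.add(file);
      for (const v of vulnerabilities) m.vulns.set(vulnKey(v), v);
    }
  }
  return [...merged.values()].map((m) => ({
    component: m.component, version: m.version,
    files: [...m.files].sort(),
    vulnerabilities: [...m.vulns.values()],
  }));
}
```

The merged records keep a `files` list because, as noted in the thread, each copy is a separate finding that has to be fixed or removed individually.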