
Integrate GitHub security dismissed findings with Grype ignores

Open · bryopsida opened this issue 3 years ago · 1 comment

I've dismissed a few alerts in the security/code scanning alerts page.

But whenever the scan action is executed, it detects these vulnerabilities as new and fails the check under Code scanning results.

The job has the following permissions:

permissions:
  security-events: write

And I'm running the scan action like this:

      - name: Scan image
        id: scan
        uses: anchore/scan-action@v3
        with:
          image: ${{ steps.meta.outputs.tags }}
          fail-build: false
          severity-cutoff: "critical"
          acs-report-enable: true

Any ideas on why it's reporting the dismissed (and already existing) alerts as new in the PR checks?

bryopsida · Feb 24 '22 00:02

@bryopsida Currently, scan-action and the GitHub alerts page are not connected.

This could be a feature enhancement where we could get scan action to be aware of these alerts and their dismissal. Is that what you're requesting?

cc @kzantow

spiffcs · Aug 04 '22 19:08
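One way to bridge the gap spiffcs describes, as an added example that is not part of this thread or of scan-action: a Python script that turns a list of dismissed alerts, matched against a Grype JSON report, into the `ignore` entries of a `.grype.yaml` (Grype's own ignore-rule format). The sample report, the dismissed-alert keys (CVE id plus package name) and the assumption that the scan reads that file from the checkout are constructed for this example, not taken from the project.

```python
"""Turn dismissed findings into Grype ignore rules (constructed example)."""
import json

# Constructed sample of a Grype JSON report, trimmed to the fields used here.
GRYPE_REPORT = json.dumps({"matches": [
    {"vulnerability": {"id": "CVE-2021-0001", "severity": "Critical"},
     "artifact": {"name": "libfoo", "version": "1.2.3", "type": "deb"}},
    {"vulnerability": {"id": "CVE-2021-0002", "severity": "High"},
     "artifact": {"name": "libbar", "version": "4.5.6", "type": "deb"}},
    {"vulnerability": {"id": "CVE-2021-0003", "severity": "Critical"},
     "artifact": {"name": "libfoo", "version": "1.2.3", "type": "deb"}},
]})

# Constructed: alerts a reviewer dismissed in the code scanning UI, keyed by
# vulnerability id and package name (assumed key; GitHub's own ids differ).
DISMISSED = {("CVE-2021-0001", "libfoo"), ("CVE-2021-0002", "libbar")}


def build_ignore_rules(report_json, dismissed):
    """Return Grype ``ignore`` entries for matches that were dismissed.

    Each rule pins vulnerability id, package name, version and type, so a
    new package version or a new CVE in the same package is still reported.
    """
    rules = []
    for m in json.loads(report_json)["matches"]:
        vuln, pkg = m["vulnerability"]["id"], m["artifact"]
        if (vuln, pkg["name"]) in dismissed:
            rules.append({"vulnerability": vuln, "package": {
                "name": pkg["name"], "version": pkg["version"], "type": pkg["type"]}})
    return rules


def still_reported(report_json, rules):
    """Vulnerability ids that survive the ignore list (what the next scan shows)."""
    ignored = {(r["vulnerability"], r["package"]["name"], r["package"]["version"])
               for r in rules}
    return [m["vulnerability"]["id"] for m in json.loads(report_json)["matches"]
            if (m["vulnerability"]["id"], m["artifact"]["name"],
                m["artifact"]["version"]) not in ignored]


def to_grype_yaml(rules):
    """Render rules as the ``ignore:`` block of a .grype.yaml (no PyYAML needed)."""
    lines = ["ignore:"]
    for r in rules:
        lines += [f"  - vulnerability: {r['vulnerability']}", "    package:"]
        lines += [f"      {k}: {r['package'][k]}" for k in ("name", "version", "type")]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    rules = build_ignore_rules(GRYPE_REPORT, DISMISSED)
    print(to_grype_yaml(rules), "still reported:", still_reported(GRYPE_REPORT, rules))
```

Review the generated block before committing it: an ignore rule silences a finding for every later scan, so keep each rule pinned to the exact package version the reviewer actually assessed.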