vuls
ignore CVEs by pattern-matching in Summary field
Hi! In our environment, we can blacklist whole Linux modules (e.g. NFC, Bluetooth, InfiniBand networking). We would like a feature to ignore CVEs by a keyword list, preferably also applied to API server submissions.
What do you think? Thanks
Did you try the ignorePkgsRegexps option?
https://vuls.io/docs/en/usage-report.html#example-ignorepkgsregexp
ignorePkgsRegexp has a different granularity: all of the modules and their CVEs are covered under one package regex, ^linux-image-.* (in our Debian env). This would suppress other relevant CVEs.
Thanks!
(Aside: this option and the related ignoreCves are not working for us via the API server, cf. #1267.)
Hi @hdhoang, I just submitted a PR for #1267, which is #1270; hopefully it gets merged soon <3 Also, could you give us more examples of what you want and how your keyword list would look?
Thanks.
Isn't what you're expecting that you want to ignore CVEs that are pattern-matched in the summary field in cveContents (e.g. cveContents[nvd][summary], cveContents[ubuntu][summary]), and you want to be able to accept keywords that match that pattern?
I imagine the setting entry (for the default list, and for the servers and containers tables) would look like:

    ignoreSummaryPatterns = [
        "* DISPUTED *",
        "f2fs filesystem",
        "drivers/net/wireless",
    ]

and the CVE is skipped if any of the datasource Summary fields contains such a substring. Cascading/shadowing behaviour should be consistent with the other ignore* settings.
> e.g. cveContents[nvd][summary], cveContents[ubuntu][summary]

Ah, that's a deeper structure than I imagined, thanks for clarifying.
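As an added example (not vuls code and not from any participant in this thread), here is the filter the poster describes, written in Go since vuls is a Go project. It assumes a simplified cveContents map keyed by datasource name (the real vuls struct carries more fields), a hypothetical ignoreSummaryPatterns key, plain substring matching, a cascade in which the most specific level that sets the key wins (nil = not set, empty list = clear inherited patterns), and constructed CVE records with placeholder IDs:

```go
package main

import (
	"fmt"
	"sort"
	"strings"
)

// CveContents is a hypothetical stand-in for vuls' cveContents:
// datasource name (e.g. "nvd", "ubuntu") -> summary text. Assumption for this example.
type CveContents map[string]string

// Vuln is a minimal CVE record for the example.
type Vuln struct {
	CveID    string
	Contents CveContents
}

// ResolvePatterns implements the cascade assumed here for a hypothetical
// ignoreSummaryPatterns key: the most specific level that sets the key wins.
// nil means "not set" (inherit); an empty, non-nil list clears inherited patterns.
func ResolvePatterns(def, server, container []string) []string {
	for _, lvl := range [][]string{container, server, def} {
		if lvl != nil {
			return lvl
		}
	}
	return nil
}

// MatchedPattern reports the first pattern that appears as a plain substring in
// any datasource summary. Sources are visited in sorted order so the reported
// source does not depend on Go's randomized map iteration.
func MatchedPattern(v Vuln, patterns []string) (pattern, source string, ok bool) {
	sources := make([]string, 0, len(v.Contents))
	for src := range v.Contents {
		sources = append(sources, src)
	}
	sort.Strings(sources)
	for _, src := range sources {
		for _, p := range patterns {
			if p != "" && strings.Contains(v.Contents[src], p) {
				return p, src, true
			}
		}
	}
	return "", "", false
}

// FilterBySummary splits vulns into those kept and those ignored by pattern.
func FilterBySummary(vulns []Vuln, patterns []string) (kept, ignored []Vuln) {
	for _, v := range vulns {
		if _, _, hit := MatchedPattern(v, patterns); hit {
			ignored = append(ignored, v)
		} else {
			kept = append(kept, v)
		}
	}
	return kept, ignored
}

// SampleVulns is constructed input with placeholder IDs; none are real advisories.
func SampleVulns() []Vuln {
	return []Vuln{
		{"CVE-0000-0001", CveContents{
			"nvd": "** DISPUTED ** Issue in an out-of-tree driver; the vendor disputes impact.",
		}},
		{"CVE-0000-0002", CveContents{
			"nvd":    "Use-after-free in the f2fs filesystem of the Linux kernel.",
			"ubuntu": "Linux kernel f2fs filesystem use-after-free.",
		}},
		{"CVE-0000-0003", CveContents{
			"nvd":    "Out-of-bounds read in drivers/net/ethernet in the Linux kernel.",
			"ubuntu": "Linux kernel ethernet driver out-of-bounds read.",
		}},
		{"CVE-0000-0004", CveContents{ // no nvd entry: only the ubuntu summary can match
			"ubuntu": "Linux kernel drivers/net/wireless/ath: NULL pointer dereference.",
		}},
	}
}

func main() {
	patterns := ResolvePatterns(
		[]string{"* DISPUTED *", "f2fs filesystem", "drivers/net/wireless"}, // default list
		nil, // server level: not set, inherits the default
		nil, // container level: not set
	)
	kept, ignored := FilterBySummary(SampleVulns(), patterns)
	for _, v := range ignored {
		p, src, _ := MatchedPattern(v, patterns)
		fmt.Printf("ignore %s: %q found in %s summary\n", v.CveID, p, src)
	}
	for _, v := range kept {
		fmt.Printf("keep   %s\n", v.CveID)
	}
}
```

Note that the poster's "* DISPUTED *" pattern matches the "** DISPUTED **" marker NVD uses as a substring, and that CVE-0000-0004 is dropped solely on its ubuntu summary, which is the "any datasource" semantics requested above. The cascade semantics (nil inherits, empty list clears) are an assumption made here, not a documented vuls behaviour.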
Ah, feel free to reopen if people want this feature. Thanks for the effort.