feature request: snooze/hide vulnerabilities in the "system layer"

[deutrino]

Hello and thank you for this wonderful plugin, I have been dreaming for years of something like it.

With the update to 3.0.0, I note that PHP issues are now being reported, which is great. However, in my experience there are a few wrinkles:

• The latest PHP on Debian stable is 8.2.7, which WPVulnerability reports as being vulnerable to various exploits that were fixed in 8.2.9. However it appears that the Debian security team hasn't backported them nor offered an update to PHP yet, and they're not critical vulnerabilities.
• WPVulnerability flags these all as 'critical' issues in Site Health.
• My shop uses a remote Wordpress monitoring setup which, unfortunately, uses Site Health as a reporting metric.

The upshot being, it would be really nice (for me, and probably others?) to be able to hide (or at least 'snooze') vulnerability notices so that they no longer impact Site Health.

This would also be true for people on shared hosting who can't do anything (other than complain to the host) about the installed PHP version, as well as httpd and the other portions of the stack that people are requesting this plugin scan (and it would be cool if it did!)

Thanks again for all your hard work.

[deutrino]

PS does the plugin account for old versions that have had fixes backported, as is often the case in Debian once a release has been out for a while?

[javiercasares]

I'll look at this... it's a really good idea.

[javiercasares]

Probably will be fixed with #90.