component-detection

Add osv-scanner.toml configuration to verification tests folders

Open cobya opened this issue 10 months ago • 0 comments

For our OpenSSF Scorecard, we are consistently flagged for vulnerabilities in code which does not build but is used in our verification tests. Using the documentation at https://google.github.io/osv-scanner/configuration/ we should add exclusions for the detected vulnerabilities.

### Tasks
- [ ] cocoapods
- [ ] co
- [ ] conda
- [ ] docker
- [ ] go
- [ ] gradle
- [ ] ivy
- [ ] maven
- [ ] npm
- [ ] nuget
- [ ] pip
- [ ] pnpm
- [ ] poetry
- [ ] ruby
- [ ] rust
- [ ] spd
- [ ] vcpkg

cobya Apr 18 '24 22:04
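
One way to draft the per-folder exclusions this issue asks for, as an added example that is not code from the component-detection project: it groups advisory ids from an osv-scanner JSON report by the folder of the scanned manifest and renders one `[[IgnoredVulns]]` entry per id. The report sample, folder names and advisory ids are constructed placeholders, and the reason text is an assumption.

```python
import json
from collections import defaultdict
from pathlib import PurePosixPath

# Assumed wording for the exclusion reason; adjust to the project's own policy.
REASON = "Verification-test fixture: manifest is never built or shipped"

# Constructed sample shaped like `osv-scanner --format json` output.
# Folder names, packages and advisory ids are placeholders, not real findings.
SAMPLE_REPORT = json.dumps({"results": [
    {"source": {"path": "verification-tests/npm/package-lock.json", "type": "lockfile"},
     "packages": [
         {"package": {"name": "example-a", "version": "1.0.0", "ecosystem": "npm"},
          "vulnerabilities": [{"id": "GHSA-xxxx-xxxx-0002"}, {"id": "GHSA-xxxx-xxxx-0001"}]},
         {"package": {"name": "example-b", "version": "2.1.0", "ecosystem": "npm"},
          "vulnerabilities": [{"id": "GHSA-xxxx-xxxx-0001"}]}]},
    {"source": {"path": "verification-tests/pip/requirements.txt", "type": "lockfile"},
     "packages": [
         {"package": {"name": "example-c", "version": "0.3", "ecosystem": "PyPI"},
          "vulnerabilities": [{"id": "PYSEC-0000-0001"}]}]},
]})


def ignores_by_folder(report_json):
    """Map each scanned manifest's folder to the sorted, de-duplicated advisory ids."""
    found = defaultdict(set)
    for result in json.loads(report_json).get("results", []):
        # Assumes forward-slash paths, as in the constructed sample above.
        folder = str(PurePosixPath(result["source"]["path"]).parent)
        for pkg in result.get("packages", []):
            for vuln in pkg.get("vulnerabilities", []):
                found[folder].add(vuln["id"])
    return {folder: sorted(ids) for folder, ids in sorted(found.items())}


def render_config(ids, reason=REASON):
    """Render osv-scanner.toml text: one [[IgnoredVulns]] table per advisory id."""
    # json.dumps yields a double-quoted, escaped string that is also a valid TOML string.
    return "\n".join(
        f"[[IgnoredVulns]]\nid = {json.dumps(i)}\nreason = {json.dumps(reason)}\n"
        for i in ids
    )


if __name__ == "__main__":
    for folder, ids in ignores_by_folder(SAMPLE_REPORT).items():
        print(f"# {folder}/osv-scanner.toml")
        print(render_config(ids))
```

osv-scanner reads an `osv-scanner.toml` located next to the file it scans, so each rendered text belongs in the matching test folder after the ids have been reviewed.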