
Suppress Findings

Open stealthrabbi opened this issue 1 year ago • 4 comments

Is it possible to suppress an EOL finding? For example, xeol is indicating that the EOL for spring-boot is coming. There's no newer version to upgrade to, so I want to suppress this. Is that possible? I do not see any documentation on what the configuration file can take.

```
NAME         VERSION  EOL         DAYS EOL  TYPE
spring-boot  3.1.5    2024-05-18  100       java-archive
1 error occurred:
        * discovered EOL packages
```

stealthrabbi avatar Aug 26 '24 12:08 stealthrabbi

This is a good idea. Since we don't have a CVE or other stable ID like a vulnerability scanner, we could hijack our fingerprinting logic to use in suppressing findings.

https://github.com/xeol-io/xeol/blob/main/xeol/match/fingerprint.go

noqcks avatar Aug 26 '24 15:08 noqcks

Thanks. Just to be clear, this is a capability not possible in xeol currently?

stealthrabbi avatar Aug 26 '24 16:08 stealthrabbi

Nope, not currently possible

noqcks avatar Sep 03 '24 21:09 noqcks

Any chance of suppressions being added soon? I'm running into issues where the endoflife data source has versions of React < 19 as being end of life, but I don't think that's actually true in reality.

stealthrabbi avatar Feb 03 '25 12:02 stealthrabbi
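
The fingerprint-based suppression idea raised in the thread, sketched as an added example; it is not xeol's code and not a feature of the tool. The fields hashed into the fingerprint, the expiring suppression list, and all function names are assumptions, and the sample input is the table quoted in the issue.

```go
package main

import (
	"crypto/sha256"
	"encoding/hex"
	"fmt"
	"strings"
)

// Constructed sample: the table output quoted in the issue.
const sample = `NAME         VERSION  EOL         DAYS EOL  TYPE
spring-boot  3.1.5    2024-05-18  100       java-archive
1 error occurred:
        * discovered EOL packages`

// Finding holds the identifying columns of one table row.
type Finding struct{ Name, Version, EOL, Type string }

// Fingerprint hashes name, version and type into a stable ID (assumed fields, not xeol's fingerprint.go).
func Fingerprint(f Finding) string {
	sum := sha256.Sum256([]byte(strings.Join([]string{f.Name, f.Version, f.Type}, "\x00")))
	return hex.EncodeToString(sum[:8])
}

// ParseTable keeps only five-column rows whose third column looks like a date,
// which skips the header and the trailing error lines.
func ParseTable(out string) (fs []Finding) {
	for _, line := range strings.Split(out, "\n") {
		if cols := strings.Fields(line); len(cols) == 5 && strings.Count(cols[2], "-") == 2 {
			fs = append(fs, Finding{cols[0], cols[1], cols[2], cols[4]})
		}
	}
	return fs
}

// Filter drops findings whose fingerprint maps to a last-valid day (YYYY-MM-DD) not yet passed.
func Filter(fs []Finding, suppress map[string]string, today string) (kept []Finding) {
	for _, f := range fs {
		if until, ok := suppress[Fingerprint(f)]; !ok || today > until {
			kept = append(kept, f)
		}
	}
	return kept
}

func main() {
	fs := ParseTable(sample)
	ok := map[string]string{Fingerprint(fs[0]): "2024-12-31"} // constructed expiry date
	fmt.Println(len(Filter(fs, ok, "2024-09-01")), "finding(s) left")
}
```

Giving each suppression an end date means an accepted EOL finding resurfaces on its own instead of staying hidden indefinitely.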