Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Having the action report only certain level of vulnerabilities and above #321

Open
pantelis-karamolegkos opened this issue May 27, 2024 · 2 comments
Labels
enhancement New feature or request

Comments

@pantelis-karamolegkos
Copy link

I know there is the severity-cutoff: <level> option for making the GHA workflow fail if vulnerabilities of a <level> and above are found.

Is there a way however to configure the action to also only report vulnerabilities of a base level and above? The output is kind of overwhelming.

@kzantow
Copy link
Contributor

kzantow commented Jul 11, 2024

There is a corresponding change in Grype that is necessary: anchore/grype#1892 (or anchore/grype#197)

@popey popey added the enhancement New feature or request label Jul 11, 2024
@willmurphyscode willmurphyscode moved this to Ready in OSS Aug 5, 2024
@popey
Copy link
Contributor

popey commented Aug 15, 2024

There's an open discussion on discourse over here, if you'd like to help chart this. https://anchorecommunity.discourse.group/t/how-can-we-make-grypes-output-more-focused/57

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
enhancement New feature or request
Projects
Status: Ready
Development

No branches or pull requests

3 participants