
osv-scanner.toml package override ignored by github action #1499

Open
gingerbenw opened this issue Feb 3, 2025 · 2 comments


@gingerbenw

When using osv-scanner configuration toml, ignored vulnerabilities are honoured by the github action, but ignored packages are not. This configuration works when running the osv-scanner tool locally, so I believe this may be an issue with the action.

Example repo here
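For reference, an added example (not taken from the issue's repo or from the osv-scanner project) of an osv-scanner.toml that uses both configuration forms the report contrasts: an ignored vulnerability and a package override. The vulnerability id, package name, version and ecosystem are placeholder values.

```toml
# Constructed osv-scanner.toml example; identifiers below are placeholders.

# Form 1: ignore a single vulnerability id.
# The report says this form is honoured by the GitHub action.
[[IgnoredVulns]]
id = "GHSA-xxxx-xxxx-xxxx"          # placeholder advisory id
ignoreUntil = 2025-06-30            # optional: re-surface after this date
reason = "Affected code path is not reachable from this service"

# Form 2: ignore every finding for one package at one version.
# The report says this form is honoured locally but not by the action.
[[PackageOverrides]]
name = "example-lib"                # placeholder package name
version = "1.2.3"                   # placeholder version
ecosystem = "npm"                   # placeholder ecosystem
ignore = true
reason = "Vendored fork; patched out of band, tracked in internal ticket"
```

Keeping a `reason` and, where possible, an `ignoreUntil` on each entry makes it easier to audit why a finding is suppressed and to notice when the suppression should expire.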

@spencerschrock
Member

Scorecard respects that configuration at HEAD, but not at v5.0.0, which is what v2.4.0 of this action uses. So this is likely something that was fixed/introduced in an update to osv-scanner which hasn't made it here yet.

We are trying to cut a new release (see #1478 and #1473), but I'm trying to get ossf/scorecard#4474 merged first.

@gingerbenw
Author

@spencerschrock Thanks for the quick response! I'll keep an eye out and check it out in the next release. 👍🏻
