Allow "acknowledgement" of security issues
Issue #224
resolved
Often a project isn't affected by a particular security vulnerability (e.g. because the vulnerable code path is never executed in the using application or because other countermeasures prevent the vulnerability from being exploited).
Add an option to "acknowledge" (with mandatory comment) a particular vulnerability for a dependency. Of course the acknowledgement should be reset once ANOTHER vulnerability for that dependency becomes known.
Comments (1)
This is implemented and deployed to production. Now it is possible to mute & unmute security vulnerabilities, just like versions.
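
One way to model the behaviour requested in this issue, as an added example (not the project's implementation, which the page does not show): an acknowledgement requires a comment and records which advisories were known for the dependency at that moment, so a later advisory invalidates it. The class names, the dependency name `libfoo` and the `ADV-n` identifiers are constructed for illustration.

```python
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Acknowledgement:
    vuln_id: str
    comment: str
    known_at_ack: frozenset  # advisory ids known for the dependency when acknowledged


@dataclass
class AckStore:
    # dependency name -> {vuln_id: Acknowledgement}
    acks: dict = field(default_factory=dict)

    def acknowledge(self, dependency, vuln_id, comment, known_ids):
        if not comment or not comment.strip():
            raise ValueError("an acknowledgement requires a comment")
        if vuln_id not in known_ids:
            raise ValueError("cannot acknowledge an unknown vulnerability")
        ack = Acknowledgement(vuln_id, comment.strip(), frozenset(known_ids))
        self.acks.setdefault(dependency, {})[vuln_id] = ack

    def open_findings(self, dependency, known_ids):
        """Return the advisory ids that still need attention, sorted."""
        known = set(known_ids)
        dep_acks = self.acks.get(dependency, {})
        # Reset rule: an acknowledgement survives only if every advisory known
        # now was already known when it was made. The reset is persisted, so
        # the finding stays open until someone acknowledges it again.
        valid = {v: a for v, a in dep_acks.items() if known <= a.known_at_ack}
        self.acks[dependency] = valid
        return sorted(known - set(valid))


def demo():
    store = AckStore()
    store.acknowledge("libfoo", "ADV-1", "vulnerable code path is never executed", {"ADV-1"})
    muted = store.open_findings("libfoo", {"ADV-1"})            # acknowledged
    after_new = store.open_findings("libfoo", {"ADV-1", "ADV-2"})  # reset by ADV-2
    return muted, after_new


if __name__ == "__main__":
    print(demo())
```

Storing the snapshot of known advisories with each acknowledgement also leaves an audit trail of what the reviewer had in front of them when writing the comment.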