Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Suppress Findings #390

Open
stealthrabbi opened this issue Aug 26, 2024 · 3 comments
Open

Suppress Findings #390

stealthrabbi opened this issue Aug 26, 2024 · 3 comments
Labels
bug Something isn't working

Comments

@stealthrabbi
Copy link

Is it possible to suppress an EOL finding? For example, xeol is indicating that the EOL for spring-boot is coming. THere's no newer version to upgrade to, so i want to suppress this. Is that possible? I do not see any documentation on what the configuration file can take.

NAME         VERSION  EOL         DAYS EOL  TYPE         
spring-boot  3.1.5    2024-05-18  100       java-archive
1 error occurred:
        * discovered EOL packages
        ```
@stealthrabbi stealthrabbi added the bug Something isn't working label Aug 26, 2024
@noqcks
Copy link
Collaborator

noqcks commented Aug 26, 2024

this is a good idea. since we dont have a CVE or other stable ID like a vulnerability scanner, we could hijack our fingerprinting logic to use in suppressing findings

https://github.com/xeol-io/xeol/blob/main/xeol/match/fingerprint.go

@stealthrabbi
Copy link
Author

Thanks. Just to be clear, this is a capability not possible in xeol currently?

@noqcks
Copy link
Collaborator

noqcks commented Sep 3, 2024

Nope, not currently possible

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@stealthrabbi @noqcks and others