Comments (3)
ignore is a good term as well.
from jake.
This is going to be a problem soon for people trying to use this on a build server, as soon as a common package has an unpatchable vulnerability, e.g. pip's CVE-2018-20225.
It doesn't look like I can give jake a list of packages (it is checking packages in the venv?) or I could "skip" unfixable that way.
The output for a given failure is many idiosyncratic lines, so I can't easily parse the text & ignore the CVE that way.
from jake.
A note, don't use the term whitelist, we were in process of switching this in auditjs, just never got it taken care of. The issue where we were tracking that is here: sonatype-nexus-community/auditjs#202.
Suggestion allow-list or deny-list for the inverse if you went that direction.
The bonus of using the new terms is they are easier to translate outside of English, as well!
from jake.