Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Integrate GitHub security dismissed findings with Grype ignores #142

Open
bryopsida opened this issue Feb 24, 2022 · 1 comment
Open

Integrate GitHub security dismissed findings with Grype ignores #142

bryopsida opened this issue Feb 24, 2022 · 1 comment
Labels
enhancement New feature or request

Comments

@bryopsida
Copy link

bryopsida commented Feb 24, 2022
edited
Loading

I've dismissed a few alerts in the security/code scanning alerts page.

But whenever the scan action is executed it detects these vulnerabilities as being new and fails the check under Code scanning results

The job has the following permissions:

permissions:
  security-events: write

And I'm running the scan action like this:

      - name: Scan image
        id: scan
        uses: anchore/scan-action@v3
        with:
          image: ${{ steps.meta.outputs.tags }}
          fail-build: false
          severity-cutoff: "critical"
          acs-report-enable: true

Any ideas on why it's reporting the dismissed (and already existing) alerts as new in the pr checks?
@spiffcs spiffcs added this to OSS May 26, 2022
@spiffcs spiffcs added the bug Something isn't working label Jul 13, 2022
@spiffcs
Copy link
Contributor

spiffcs commented Aug 4, 2022

@bryopsida currently scan action and the github alerts page are not connected

This could be a feature enhancement where we could get scan action to be aware of these alerts and their dismissal. Is that what you're requesting?

cc @kzantow

@spiffcs spiffcs moved this to Parking Lot (Comments or Progress) in OSS Aug 4, 2022
@kzantow kzantow added enhancement New feature or request and removed bug Something isn't working labels Nov 3, 2022
@kzantow kzantow changed the title Dismissed findings fail in subsequent checks Integrate GitHub security dismissed findings with Grype ignores Nov 3, 2022
@kzantow kzantow moved this from Parking Lot (Comments or Progress) to Backlog (Pulled Forward for Priority) in OSS Nov 3, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement New feature or request
Projects
OSS
Status: Backlog
Milestone
No milestone
Development

No branches or pull requests
3 participants
@kzantow @bryopsida @spiffcs