There seem to be "bogus" vulnerability reports for the Symfony Framework. So my question is, is there a process for globally ignoring false CVEs on the Trivy database level? I am aware of
Replies: 2 comments
You can look into VEX as it could help in this case. See for more details https://www.youtube.com/watch?v=-9_r-Cg4A6Y
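A sketch of the kind of OpenVEX document the VEX suggestion above refers to, added here as an example (it is not code from the discussion or from the Trivy project). Only the advisory ID comes from this page; the package URL, author, timestamp, document IRI and the chosen justification are constructed placeholders.

```python
import hashlib
import json

# Status and justification labels defined by the OpenVEX specification.
STATUSES = {"not_affected", "affected", "fixed", "under_investigation"}
JUSTIFICATIONS = {
    "component_not_present",
    "vulnerable_code_not_present",
    "vulnerable_code_not_in_execute_path",
    "vulnerable_code_cannot_be_controlled_by_adversary",
    "inline_mitigations_already_exist",
}

def build_openvex(vuln_id, purls, status, author, timestamp,
                  justification=None, impact_statement=None, action_statement=None):
    """Return an OpenVEX v0.2.0 document with one statement, or raise ValueError."""
    if status not in STATUSES:
        raise ValueError(f"unknown status: {status}")
    if not purls or not all(p.startswith("pkg:") for p in purls):
        raise ValueError("products must be package URLs (pkg:...)")
    stmt = {"vulnerability": {"name": vuln_id},
            "products": [{"@id": p} for p in purls],
            "status": status}
    if status == "not_affected":
        # The spec requires a justification label or a free-text impact statement.
        if justification is None and not impact_statement:
            raise ValueError("not_affected needs justification or impact_statement")
        if justification is not None and justification not in JUSTIFICATIONS:
            raise ValueError(f"unknown justification: {justification}")
        if justification:
            stmt["justification"] = justification
        if impact_statement:
            stmt["impact_statement"] = impact_statement
    if status == "affected":
        if not action_statement:
            raise ValueError("affected needs an action_statement")
        stmt["action_statement"] = action_statement
    # Content-derived document IRI (constructed scheme): same statement, same @id.
    digest = hashlib.sha256(json.dumps(stmt, sort_keys=True).encode()).hexdigest()
    return {"@context": "https://openvex.dev/ns/v0.2.0",
            "@id": f"https://example.com/vex/{digest[:16]}",
            "author": author, "timestamp": timestamp, "version": 1,
            "statements": [stmt]}

if __name__ == "__main__":
    doc = build_openvex(
        "GHSA-7q22-x757-cmgc",                              # advisory ID from this page
        ["pkg:composer/symfony/EXAMPLE-COMPONENT@0.0.0"],  # constructed placeholder PURL
        "not_affected", author="security@example.com",
        timestamp="2025-01-01T00:00:00Z",
        justification="vulnerable_code_not_present")
    print(json.dumps(doc, indent=2))
```

Saved to a file, a document like this is what Trivy's `--vex` option takes; it suppresses the finding locally and does not change the Trivy DB itself.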
In general, the best way is to fix the security advisory. See https://trivy.dev/latest/community/contribute/discussion/#false-detection
In this case, it's already withdrawn. Trivy DB will reflect it within 6 hours, and the Trivy client will update the cached database within 24 hours. I'll close this discussion.
GHSA-7q22-x757-cmgc