Composer Audit: ability to ignore vulnerabilities #11294
Answered by Seldaek. ivancli asked this question in Q&A / Support.
Hi guys, we use composer audit in a CI pipeline of our project to check vulnerabilities. However, once a vulnerability is discovered, the pipeline fails and blocks the subsequent processes, e.g. deployment. Just wondering if composer has built-in functionality to ignore a list of vulnerabilities by CVE IDs. If not, will this be considered to be implemented in the near future? You can find similar functionality in Aqua Trivy, which ignores vulnerabilities specified in the .trivyignore file.
Answered by Seldaek, Feb 4, 2023
Makes sense IMO, moved to #11298
Answer selected by Seldaek