Composer Audit: ability to ignore vulnerabilities

[ivancli]

Hi guys, we use composer audit in a CI pipeline of our project to check vulnerabilities. However once a vulnerability is discovered, the pipeline fails and blocks the subsequent processes, e.g. deployment.

Just wondering if composer has a built-in functionality to ignore a list of vulnerabilities by CVE IDs.

If not, will this be considered to be implemented in the near future?

You can find similar functionality in Aqua Trivy which ignores vulnerabilities specified in the .trivyignore file.

[Seldaek]

Makes sense IMO, moved to #11298