Use the output of the first party callsite analysis for this.

Make sure that first party analysis is scoped to the manifest path that the vulnerability was discovered in, so that we don't over-match from different manifests in the same repo.

For example:
- axios@1 contains a vulnerability.
- /src/index.js has an import of axios, and should be flagged as being vulnerable (since /package.json contains the vulnerable version).
- /some/other/package/src/index.js also contains an import of axios, but this should not be marked as vulnerable since the version of axios used is axios@2.

Tasks:
- Easiest path is building a UI to hold ignore rules
- Harder path is putting a .lunatraceignore file into repos
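
A sketch of the manifest-scoping rule described in the issue, added here as an example and not taken from LunaTrace's code. The data shapes and the names `owningManifest` and `vulnerableCallsites` are hypothetical, and it assumes repo-relative POSIX paths and that an import is governed by the nearest ancestor `package.json` that declares the package.

```javascript
// Constructed sample data mirroring the issue's example (not real scanner output).
const manifests = {
  '/package.json': { axios: '1' },
  '/some/other/package/package.json': { axios: '2' },
};
const callsites = [
  { file: '/src/index.js', imports: ['axios'] },
  { file: '/some/other/package/src/index.js', imports: ['axios'] },
  { file: '/src/util.js', imports: ['lodash'] },
];
// Hypothetical finding shape: vulnerable package plus the manifest it was found in.
const finding = { pkg: 'axios', manifestPath: '/package.json' };

// Parent of a repo-relative POSIX path; '/' is its own parent.
function parentDir(p) {
  const i = p.lastIndexOf('/');
  return i <= 0 ? '/' : p.slice(0, i);
}

// Nearest ancestor manifest that declares `pkg`, or null if none does.
// Assumption: walking up the tree mirrors how the import resolves at runtime,
// so a nested manifest that does not declare `pkg` defers to its ancestors.
function owningManifest(file, pkg, manifests) {
  let dir = parentDir(file);
  for (;;) {
    const candidate = (dir === '/' ? '' : dir) + '/package.json';
    const deps = manifests[candidate];
    if (deps && Object.prototype.hasOwnProperty.call(deps, pkg)) return candidate;
    if (dir === '/') return null; // reached the repo root without a match
    dir = parentDir(dir);
  }
}

// Keep only callsites that import the package AND are governed by the
// manifest the vulnerability was discovered in.
function vulnerableCallsites(finding, manifests, callsites) {
  return callsites
    .filter((c) => c.imports.includes(finding.pkg))
    .filter((c) => owningManifest(c.file, finding.pkg, manifests) === finding.manifestPath)
    .map((c) => c.file);
}
```

Matching on the package name alone would flag both `axios` imports; comparing the owning manifest against `finding.manifestPath` is what prevents the over-match.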