Current Behavior
Scenario: For a component, say Snyk reported a vulnerability earlier. Now it is no longer vulnerable. But in DT we don't have any process to remove such a vulnerability from our records, and it is being reported to users as vulnerable.
When we receive records from Snyk, we filter the records which have non-empty data and in this case, such vulnerabilities are never deleted.
Proposed Behavior
Implement cleanup of 'no longer vulnerable' vulnerabilities.
When we receive records from Snyk, we filter the records which have non-empty data and in this case, such vulnerabilities are never deleted.
Are you saying Snyk reports a vulnerability record without any data when they revoke an entry?
Is this issue about actual deletion of VULNERABILITY records, or about auto-suppression of findings?
Yes, it seems Snyk returns a record with empty data if that component version is no longer vulnerable. We've observed this with pkg:maven/org.springframework/[email protected]
It's impacting all projects with this component.
Currently, to remove such a vulnerability, the project has to be deleted and re-uploaded.
Yes, it seems Snyk returns a record with empty data if that component version is no longer vulnerable.
Oh wow, seems like a really odd thing to do...
In that case the Snyk analyzer could set the rejected field of the vulnerability.
sahibamittal changed the title from "Delete 'no longer vulnerable' vulnerabilities reported by Snyk" to "Suppress 'no longer vulnerable' vulnerabilities reported by Snyk" on Jan 14, 2025
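Added example, not part of the original thread and not Dependency-Track's own code: one way to reconcile stored findings against a Snyk lookup so that an empty result suppresses stale Snyk-attributed findings, while a failed lookup suppresses nothing. The `Finding` type, the analyzer labels, the `{"data": [{"id": ...}]}` response shape, the PURLs and the vulnerability ids are all assumptions constructed for illustration.

```python
from dataclasses import dataclass

@dataclass
class Finding:                      # hypothetical stand-in for a stored finding
    purl: str
    vuln_id: str
    analyzer: str                   # which analyzer attributed the finding
    suppressed: bool = False

def reconcile_snyk(purl, response, findings):
    """Return (to_suppress, still_reported) for one component.

    `response` is the parsed lookup result, or None if the request failed.
    Only findings attributed to the "snyk" analyzer for `purl` are considered.
    """
    mine = [f for f in findings if f.purl == purl and f.analyzer == "snyk"]
    # A failed or malformed lookup says nothing about the component. Never
    # suppress on it, or an outage would silently hide real findings.
    if not isinstance(response, dict) or not isinstance(response.get("data"), list):
        return [], mine
    reported = {item["id"] for item in response["data"]
                if isinstance(item, dict) and "id" in item}
    # An empty "data" list makes `reported` empty, so every active
    # Snyk-attributed finding for this component becomes stale.
    to_suppress = [f for f in mine
                   if f.vuln_id not in reported and not f.suppressed]
    still_reported = [f for f in mine if f.vuln_id in reported]
    return to_suppress, still_reported

# Constructed sample data (not real identifiers).
PURL = "pkg:maven/com.example/lib@1.0.0"
SAMPLE_FINDINGS = [
    Finding(PURL, "SNYK-EXAMPLE-1", "snyk"),
    Finding(PURL, "SNYK-EXAMPLE-2", "snyk"),
    Finding(PURL, "EXAMPLE-OTHER-1", "other"),   # different analyzer: untouched
    Finding("pkg:maven/com.example/other@2.0.0", "SNYK-EXAMPLE-1", "snyk"),
]

if __name__ == "__main__":
    for label, resp in [("empty data", {"data": []}),
                        ("failed lookup", None),
                        ("one id left", {"data": [{"id": "SNYK-EXAMPLE-2"}]})]:
        stale, kept = reconcile_snyk(PURL, resp, SAMPLE_FINDINGS)
        print(label, "-> suppress", [f.vuln_id for f in stale],
              "| keep", [f.vuln_id for f in kept])
```

Findings from other analyzers and for other components are left alone, so a vulnerability that another source still reports for the same component stays visible.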