errorMissedIgnores parameter

action.yml

@@ -13,6 +13,11 @@ inputs:
     default: medium
   ignore_list:
     description: List of CVE IDs to ignore in the vulnerability findings.
+  error_missed_ignores:
+    description: >
+      Set to true if you want to raise an error when CVEs in the ignore list are not found.
+    required: false
+    default: true
 outputs:
   critical:
     description: Number of critical vulnerabilities detected.

index.js

@@ -174,6 +174,7 @@ const main = async () => {
   const tag = core.getInput('tag', { required: true })
   const failThreshold = core.getInput('fail_threshold') || 'high'
   const ignoreList = parseIgnoreList(core.getInput('ignore_list'))
+  const errorMissedIgnores = core.getInput('error_missed_ignores') === 'false' ? false : true;
 
   const proxyUrl = process.env.HTTPS_PROXY || process.env.https_proxy
   if (proxyUrl !== undefined) {
@@ -240,7 +241,11 @@ const main = async () => {
     const missedIgnores = ignoreList.filter(vulnerabilityId => !ignoredFindings.map(({ packageVulnerabilityDetails }) => packageVulnerabilityDetails.vulnerabilityId).includes(vulnerabilityId));
     console.log('The following CVEs were not found in the result set:');
     missedIgnores.forEach(miss => console.log(`  ${miss}`));
-    throw new Error(`Ignore list contains CVE IDs that were not returned in the findings result set. They may be invalid or no longer be current vulnerabilities.`);
+    if (errorMissedIgnores) {
+      throw new Error(`Ignore list contains CVE IDs that were not returned in the findings result set. They may be invalid or no longer be current vulnerabilities.`);
+    } else {
+      core.warning(`Ignore list contains CVE IDs that were not returned in the findings result set. They may be invalid or no longer be current vulnerabilities.`);
+    }  
   }
 
   const ignoredCounts = countIgnoredFindings(ignoredFindings)