Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Option to disable specific checks #222

Open
nedjitef opened this issue Dec 29, 2021 · 1 comment
Open

Option to disable specific checks #222

nedjitef opened this issue Dec 29, 2021 · 1 comment
Assignees
@xeraph
Labels
discussion question or suggestion

Comments

@nedjitef
Copy link
Contributor

nedjitef commented Dec 29, 2021
edited
Loading

Hi,

there is at least one CVE around, which requie the attacker to have write access to the configuration. Now I saw another one and kind of lost track of it.

Not sure, but if it's not a single CVE but two, would it be possible to add an option to opt out scanning for CVEs, where write access to a configuration file is required?

Checking log4j doesn't help much, if the attacker already has write access to parts of the application.
@xeraph xeraph self-assigned this Dec 30, 2021
@xeraph xeraph added the discussion question or suggestion label Dec 30, 2021
@tsaibabu4u
Copy link

It would be nice option to skip specific or some of CVE-2021-xxx from scanning

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@xeraph xeraph

Labels
discussion question or suggestion
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@xeraph @tsaibabu4u @nedjitef