Filter vulnerabilities by path #1000

Open
2 tasks
factoidforrest opened this issue Nov 18, 2022 · 0 comments
Comments


factoidforrest commented Nov 18, 2022

Use the output of the first party callsite analysis for this.

Make sure that first party analysis is scoped to the manifest path that the vulnerability was discovered in, so that we don't over-match from different manifests in the same repo.

For example:

/package.json -> axios@1
/some/other/package/package.json -> axios@2

axios@1 contains a vulnerability.

/src/index.js has an import of axios, and should be flagged as being vulnerable (since /package.json contains the vulnerable version).

/some/other/package/src/index.js also contains an import of axios, but this should not be marked as vulnerable since the version of axios used is axios@2.

Tasks:

  • Easiest path is building a UI to hold ignore rules
  • Harder path is putting a .lunatraceignore file into repos
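As an added example (not part of the issue or of LunaTrace's code), the path scoping described above in Python: each source file is attributed to the nearest ancestor manifest, and an import is flagged only when that manifest pins a vulnerable version. The manifests, call-site imports and vulnerable version are constructed sample data mirroring the axios example.

```python
from pathlib import PurePosixPath

# Constructed sample: manifest path -> {package: version}, as in the issue.
MANIFESTS = {
    "/package.json": {"axios": "1"},
    "/some/other/package/package.json": {"axios": "2"},
}

# Constructed sample: (package, version) pairs known to be vulnerable.
VULNERABLE = {("axios", "1")}

# Constructed sample: source file -> packages it imports (what a
# first-party call-site analysis would emit).
IMPORTS = {
    "/src/index.js": ["axios"],
    "/some/other/package/src/index.js": ["axios"],
}


def governing_manifest(source_path, manifests):
    """Return the manifest whose directory is the nearest ancestor of
    source_path, or None if no manifest sits above the file."""
    src = PurePosixPath(source_path)
    best, best_depth = None, -1
    for manifest in manifests:
        mdir = PurePosixPath(manifest).parent
        # src.parents includes every ancestor directory up to "/".
        if mdir in src.parents and len(mdir.parts) > best_depth:
            best, best_depth = manifest, len(mdir.parts)
    return best


def vulnerable_imports(source_path, manifests, vulnerable, imports):
    """Flag an import only if the *governing* manifest declares a vulnerable
    version; a vulnerable version in an unrelated manifest is ignored."""
    manifest = governing_manifest(source_path, manifests)
    if manifest is None:
        return []
    deps = manifests[manifest]
    flagged = []
    for pkg in imports.get(source_path, []):
        version = deps.get(pkg)
        if version is not None and (pkg, version) in vulnerable:
            flagged.append((pkg, version, manifest))
    return flagged


def scan_repo(manifests=MANIFESTS, vulnerable=VULNERABLE, imports=IMPORTS):
    """Map every analysed source file to its flagged imports."""
    return {path: vulnerable_imports(path, manifests, vulnerable, imports)
            for path in imports}
```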
@factoidforrest factoidforrest created this issue from a note in LunaTrace Feature Roadmap (Roadmapped) Nov 18, 2022
@freeqaz freeqaz moved this from Roadmapped to Planned in LunaTrace Feature Roadmap Nov 18, 2022
Labels
None yet
Projects
Status: 📋 Backlog