Feature Request: Individual Finding Exclusions

[Conklin-Spencer-bah]

Description

Instead of skipping entire files it would be nice if there was a way to skip individual findings based on an exception. This could be done either by passing in command line arguments or having a file such as a .exceptions file containing a list of libraries to ignore.

Expected Behavior

Pass individual packages and or vulnerabilities with them based on a commandline argument.

Actual Behavior

Right now the exception process ignores all of the packages in the sbom if you specify it. There are cases where only a single package in the file needs to have an exception.

[bluesentinelsec]

Hello, thank you for the feature request.
We understand your workflows would be improved by being able to exclude individual findings.
We will add your feature request to our backlog.
I cannot offer an ETA as to when this work would begin; however, this is a topic that we discuss regularly.
We also welcome contributions if anyone from the community wishes to help.

[job-deleij]

Hi,

Could you provide an update on the status of the feature request please? This Action is exactly what we're looking for, but this specific feature not being supported is the reason that's keeping us from actually using it. We tried suppressing specific CVEs using the Inspector console in AWS but this Action doesn't take it into account.