--by-cve takes a noticeable amount more time to complete #1185
Comments
NOTE: I'm seeing the
Thanks @westonsteimel for fixing this so quickly! I can confirm the performance issues are now gone. With or without I can also confirm the However, the result is that the CVEs are now shown twice, once with a known fixed version (the one which was previously
Shouldn't these results be de-duplicated? My use case is to block a pipeline when there are known fixes, or vulnerabilities for which the fix state is unknown (in which case the vulnerability needs manual analysis). I want to skip vulnerabilities for which there is no fix (wont-fix, not-fixed). Leaving the duplicate CVE with a fix state of unknown (even though the fix state is known, in the second instance of the same CVE) would cause issues for my use case.
Using the --by-cve flag doesn't filter out the duplicates (and also takes 10x as long, from 15s to 2m38s). Both CVE-2020-9547 and GHSA-q93h-jc49-78gg are still in the output and only the GHSA-q93h-jc49-78gg one has a fixed version.

Originally posted by @JipSogeti in #236 (comment)
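As an added example (not grype's own code), one way to implement the de-duplication and gating policy the comment above asks for: records that refer to the same CVE (directly or via a GHSA alias) are merged, the best-known fix state wins, and the pipeline blocks only on "fixed" or "unknown". The record shape, the fixed version "1.2.3" and the id CVE-0000-0001 are constructed placeholders.

```python
# Order in which fix states win when duplicate records disagree: a known state
# beats "unknown", and an available fix beats a known absence of one.
STATE_RANK = {"unknown": 0, "wont-fix": 1, "not-fixed": 2, "fixed": 3}
BLOCKING_STATES = {"fixed", "unknown"}  # known fix, or needs manual analysis

# Constructed sample findings (simplified shape, not grype's real JSON). The
# first two are the duplicate from the comment: the same CVE once under its
# CVE id with no fix information, once under its GHSA alias with a fix.
SAMPLE_FINDINGS = [
    {"id": "CVE-2020-9547", "aliases": [], "fix_state": "unknown", "fixed_in": []},
    {"id": "GHSA-q93h-jc49-78gg", "aliases": ["CVE-2020-9547"],
     "fix_state": "fixed", "fixed_in": ["1.2.3"]},                    # placeholder version
    {"id": "CVE-0000-0001", "aliases": [], "fix_state": "wont-fix", "fixed_in": []},  # placeholder id
]

def canonical_id(finding):
    """Prefer a CVE id (own id or alias) so aliases collapse onto one key."""
    for ident in [finding["id"], *finding.get("aliases", [])]:
        if ident.startswith("CVE-"):
            return ident
    return finding["id"]

def merge_findings(findings):
    """Collapse duplicate records per CVE, keeping the best-known fix state
    and the union of fixed versions, so an 'unknown' twin never hides a fix."""
    merged = {}
    for f in findings:
        key = canonical_id(f)
        cur = merged.setdefault(key, {"ids": set(), "fix_state": "unknown", "fixed_in": set()})
        cur["ids"].add(f["id"])
        cur["fixed_in"].update(f.get("fixed_in", []))
        # Unrecognised states rank as 0 and therefore stay "unknown" (conservative).
        if STATE_RANK.get(f["fix_state"], 0) > STATE_RANK[cur["fix_state"]]:
            cur["fix_state"] = f["fix_state"]
    return merged

def blocking_ids(merged):
    """CVEs that should fail the pipeline: fix available, or fix state unknown."""
    return sorted(k for k, v in merged.items() if v["fix_state"] in BLOCKING_STATES)

if __name__ == "__main__":
    merged = merge_findings(SAMPLE_FINDINGS)
    for key, v in merged.items():
        print(key, v["fix_state"], sorted(v["fixed_in"]), sorted(v["ids"]))
    print("block:", blocking_ids(merged))
```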