Commit

ignore Go stdlib vulns
Signed-off-by: Spencer Schrock <sschrock@google.com>
spencerschrock committed Mar 6, 2024
1 parent e9af90c commit e834fb5
Showing 1 changed file with 5 additions and 0 deletions.
5 changes: 5 additions & 0 deletions clients/osv.go
Expand Up @@ -66,6 +66,11 @@ func (v osvClient) ListUnfixedVulnerabilities(
if errors.Is(err, osvscanner.VulnerabilitiesFoundErr) {
vulns := res.Flatten()
for i := range vulns {
// ignore Go stdlib vulns. The go directive from the go.mod isn't a perfect metric
// of which version of Go will be used to build a project.
if vulns[i].Package.Ecosystem == "Go" && vulns[i].Package.Name == "stdlib" {
continue

Check warning on line 72 in clients/osv.go

Codecov / codecov/patch

clients/osv.go#L69-L72

Added lines #L69 - L72 were not covered by tests
}
response.Vulnerabilities = append(response.Vulnerabilities, Vulnerability{
ID: vulns[i].Vulnerability.ID,
Aliases: vulns[i].Vulnerability.Aliases,
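
Review bot: The new `continue` branch at the top of the `for i := range vulns` loop is not exercised by any test (Codecov flags added lines 69-72), so a later change to the `Ecosystem == "Go"` / `Name == "stdlib"` comparison could silently re-enable or widen the filter. Add a test case for `ListUnfixedVulnerabilities` whose scanner result contains one entry with `Package.Ecosystem` "Go" and `Package.Name` "stdlib" alongside a normal entry, and assert that only the normal one appears in `response.Vulnerabilities`. The skip is also unconditional and silent: every stdlib finding is dropped with no log line or counter, so callers cannot tell "no stdlib vulnerabilities" from "stdlib vulnerabilities suppressed". Consider stating that trade-off in the function's doc comment, not only in the inline comment, and replacing the two string literals with named constants so the filter is easy to find.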