Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

🐛 ignore Go stdlib vulns #3925

Merged
merged 1 commit into from
Mar 6, 2024
Merged

Conversation

spencerschrock
Copy link
Member

@spencerschrock spencerschrock commented Mar 6, 2024

What kind of change does this PR introduce?

bug fix / e2e test fix

What is the current behavior?

Go stdlib vulns are reported (since osv scanner 1.4 i think)

What is the new behavior (if this is a feature change)?**

Dont surface Go stdlib vulns. Whether or not a project is affected is a more complicated question than the version declared in the Go directive.

  • Tests for the changes have been added (for bug fixes/features)

Which issue(s) this PR fixes

Fixes #3891

As well as our e2e tests:
https://github.com/ossf/scorecard/actions/runs/8177010131/job/22357695449#step:9:23142

Special notes for your reviewer

Does this PR introduce a user-facing change?

For user-facing changes, please add a concise, human-readable release note to
the release-note

(In particular, describe what changes users might need to make in their
application as a result of this pull request.)

Go stdlib vulns are removed Vulnerabilities check output

Signed-off-by: Spencer Schrock <sschrock@google.com>
@spencerschrock spencerschrock requested a review from a team as a code owner March 6, 2024 19:06
@spencerschrock spencerschrock requested review from naveensrinivasan and justaugustus and removed request for a team March 6, 2024 19:06
Copy link

codecov bot commented Mar 6, 2024

Codecov Report

Merging #3925 (e834fb5) into main (e9af90c) will decrease coverage by 4.60%.
The diff coverage is 0.00%.

Additional details and impacted files
@@            Coverage Diff             @@
##             main    #3925      +/-   ##
==========================================
- Coverage   75.11%   70.51%   -4.60%     
==========================================
  Files         234      234              
  Lines       15860    15864       +4     
==========================================
- Hits        11913    11187     -726     
- Misses       3187     3967     +780     
+ Partials      760      710      -50     

clients/osv.go Show resolved Hide resolved
@spencerschrock spencerschrock merged commit 6e717aa into ossf:main Mar 6, 2024
42 of 43 checks passed
@spencerschrock spencerschrock deleted the ignore-stdlib branch March 6, 2024 20:31
fhoeborn pushed a commit to fhoeborn/scorecard that referenced this pull request Apr 1, 2024
Signed-off-by: Spencer Schrock <sschrock@google.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
Archived in project
Development

Successfully merging this pull request may close these issues.

scorecard started reducing score for vulnerabilities in unrelated packages that aren't imported
2 participants