Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

🐛 ignore Go stdlib vulns #3925

Merged
merged 1 commit into from
Mar 6, 2024
Merged

🐛 ignore Go stdlib vulns #3925

merged 1 commit into from
Mar 6, 2024

Conversation

spencerschrock
Copy link
Contributor

@spencerschrock spencerschrock commented Mar 6, 2024
edited
Loading

What kind of change does this PR introduce?

bug fix / e2e test fix

What is the current behavior?

Go stdlib vulns are reported (since osv scanner 1.4 i think)

What is the new behavior (if this is a feature change)?**

Dont surface Go stdlib vulns. Whether or not a project is affected is a more complicated question than the version declared in the Go directive.

  • Tests for the changes have been added (for bug fixes/features)

Which issue(s) this PR fixes

Fixes #3891

As well as our e2e tests:
https://github.com/ossf/scorecard/actions/runs/8177010131/job/22357695449#step:9:23142

Special notes for your reviewer

Does this PR introduce a user-facing change?

For user-facing changes, please add a concise, human-readable release note to
the release-note

(In particular, describe what changes users might need to make in their
application as a result of this pull request.)

Go stdlib vulns are removed Vulnerabilities check output

@spencerschrock
ignore Go stdlib vulns
e834fb5 
Signed-off-by: Spencer Schrock <sschrock@google.com>
@spencerschrock spencerschrock requested a review from a team as a code owner March 6, 2024 19:06
@spencerschrock spencerschrock requested review from naveensrinivasan and justaugustus and removed request for a team March 6, 2024 19:06
@codecov Codecov
Copy link

codecov bot commented Mar 6, 2024
edited
Loading

Codecov Report

Merging #3925 (e834fb5) into main (e9af90c) will decrease coverage by 4.60%.
The diff coverage is 0.00%.

Additional details and impacted files 
@@            Coverage Diff             @@
##             main    #3925      +/-   ##
==========================================
- Coverage   75.11%   70.51%   -4.60%     
==========================================
  Files         234      234              
  Lines       15860    15864       +4     
==========================================
- Hits        11913    11187     -726     
- Misses       3187     3967     +780     
+ Partials      760      710      -50

naveensrinivasan
naveensrinivasan approved these changes Mar 6, 2024
View reviewed changes
clients/osv.go Show resolved Hide resolved
@spencerschrock spencerschrock merged commit 6e717aa into ossf:main Mar 6, 2024
42 of 43 checks passed
@spencerschrock spencerschrock deleted the ignore-stdlib branch March 6, 2024 20:31
fhoeborn pushed a commit to fhoeborn/scorecard that referenced this pull request Apr 1, 2024
@spencerschrock @fhoeborn
🐛 ignore Go stdlib vulns (ossf#3925)
0bf4d6b 
Signed-off-by: Spencer Schrock <sschrock@google.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@naveensrinivasan naveensrinivasan naveensrinivasan approved these changes

@justaugustus justaugustus Awaiting requested review from justaugustus justaugustus is a code owner automatically assigned from ossf/scorecard-maintainers

Assignees
No one assigned
Labels
None yet
Projects
Scorecard - NEW
Archived in project
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

scorecard started reducing score for vulnerabilities in unrelated packages that aren't imported
2 participants
@spencerschrock @naveensrinivasan