> Arguably also 3. lots of CVEs which aren't applicable for some reason, so we likely need a means to whitelist those and filter them from the report.
cve-check-tool supports whitelisting and won't report the CVEs that have been marked as "ignore". The temporal faux format that I am filling in the python wrapper has a place to put such CVEs. So, only thing that would be needed from your side is to define how/where you want to store list of CVEs to be ignored for each package and I can process them in the wrapper similarly. Best Regards, Elena.
smime.p7s
Description: S/MIME cryptographic signature
__________________________________________________________________________ OpenStack Development Mailing List (not for usage questions) Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
