future-architect/vuls

ignore CVEs by pattern-matching in Summary field #1269

hdhoang posted on GitHub

Hi! In our environment, we can blacklist whole Linux modules (e.g. NFC, Bluetooth, InfiniBand networking). We would like a feature to ignore CVEs by a keyword list, preferably also applied to API server submissions.

What do you think? Thanks


posted by shigechika over 3 years ago

ignorePkgsRegexp has different granularity. All of the modules and their CVEs are covered under one package regex ^linux-image-.* (in our Debian env). This would suppress other relevant CVEs.

Thanks!

(aside: this option and the related ignoreCves are not working for us via API server, cf. #1267)

posted by hdhoang over 3 years ago

Hi @hdhoang, I just submitted a PR for #1267, which is #1270; hopefully it gets merged soon <3 Also, could you give us more examples of what you want and what your keyword list would look like?

Thanks.

posted by qwexvf over 3 years ago

Isn't what you're expecting that you want to ignore CVEs that are pattern-matched in the summary field in cveContents (e.g. cveContents[nvd][summary], cveContents[ubuntu][summary]), and you want to be able to accept keywords that match that pattern?

posted by MaineK00n over 3 years ago

I imagine the setting entry (for the default list, and the servers and containers tables) looks like:

ignoreSummaryPatterns = [
  "* DISPUTED *",
  "f2fs filesystem",
  "drivers/net/wireless",
]

and the CVE is skipped if any of the datasource Summary fields contains such a substring. Cascading/shadowing behaviour should be consistent with other ignore* settings.

ex. cveContents[nvd][summary], cveContents[ubuntu][summary]

Ah, that's deeper structure than I imagined, thanks for clarifying.

posted by hdhoang over 3 years ago
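
The matching rule proposed in the comment above (skip a CVE when any data source's Summary contains one of the listed substrings), written out in Go as an added example. It is not code from vuls or from the commenters; the `Finding` type, `FilterBySummary`, and the sample findings with placeholder CVE IDs are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"strings"
)

// Finding is a hypothetical stand-in for one scan result, not a vuls type.
type Finding struct {
	CveID     string
	Summaries map[string]string // keyed by data source, e.g. "nvd", "ubuntu"
}

// FilterBySummary drops a finding when any source's summary contains any
// pattern as a plain substring. Empty patterns are skipped, because
// strings.Contains(s, "") is always true and would suppress every CVE.
func FilterBySummary(fs []Finding, patterns []string) (kept []Finding, ignored map[string]string) {
	ignored = map[string]string{} // CVE ID -> first pattern that matched
next:
	for _, f := range fs {
		for _, p := range patterns {
			if p == "" {
				continue
			}
			for _, s := range f.Summaries {
				if strings.Contains(s, p) {
					ignored[f.CveID] = p // keep the reason for the audit trail
					continue next
				}
			}
		}
		kept = append(kept, f)
	}
	return kept, ignored
}

// sampleFindings returns constructed data; the CVE IDs are placeholders.
func sampleFindings() []Finding {
	return []Finding{
		{"CVE-0000-0001", map[string]string{"nvd": "Flaw in the f2fs filesystem mount path."}},
		{"CVE-0000-0002", map[string]string{"nvd": "Overflow in a wifi driver.", "ubuntu": "Issue in drivers/net/wireless/example.c."}},
		{"CVE-0000-0003", map[string]string{"nvd": "Use-after-free in the TCP stack."}},
	}
}

func main() {
	fmt.Println(FilterBySummary(sampleFindings(), []string{"* DISPUTED *", "f2fs filesystem", "drivers/net/wireless", ""}))
}
```

The second sample finding is suppressed only because of its `ubuntu` summary, which is why every source's summary has to be checked rather than a single preferred one.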

Ah, feel free to reopen if people want this feature. Thanks for the effort.

posted by hdhoang about 2 years ago
