Vulnerability Deduplication #1969

Closed
KramNamez opened this issue Sep 21, 2022 · 4 comments
Labels
duplicate This issue or pull request already exists enhancement New feature or request

Comments

@KramNamez
Contributor

Current Behavior:

Multiple analyzers report the same vulnerability from multiple sources, e.g.:
Internal reports GHSA-ww39-953v-wcq6 while OSS Index reports CVE-2020-28469 - both of which are the same thing.

Both issues have to be read and evaluated and suppressed independently.

Proposed Behavior:

Only one issue should be created, ideally with at least the references merged, if not the descriptions. Only one issue exists that needs to be handled by the project team.

@KramNamez KramNamez added the enhancement New feature or request label Sep 21, 2022
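
The merge proposed in the issue above, as an added sketch that is not the project's own code: findings on the same component whose identifiers are aliases of each other collapse into one issue with merged references. It assumes each finding carries an `aliases` list supplied by its source; the function name `merge_findings`, the dict field names, the component names, the URLs and the `GHSA-0000-0000-0000` identifier are hypothetical.

```python
def merge_findings(findings):
    """Collapse findings that name one vulnerability on one component."""
    parent = {}  # union-find over vulnerability ids

    def find(x):
        parent.setdefault(x, x)
        while parent[x] != x:
            parent[x] = parent[parent[x]]  # path halving
            x = parent[x]
        return x

    def union(a, b):
        ra, rb = find(a), find(b)
        if ra != rb:
            parent[max(ra, rb)] = min(ra, rb)  # smallest id is the root

    # Pass 1: link each id to its aliases, whichever source declared them.
    for f in findings:
        find(f["id"])
        for alias in f.get("aliases", ()):
            union(f["id"], alias)

    # Pass 2: bucket by (component, alias-group root) and merge the fields.
    merged = {}
    for f in findings:
        key = (f["component"], find(f["id"]))
        m = merged.setdefault(key, {"ids": set(), "sources": set(), "references": set()})
        m["ids"].add(f["id"])
        m["sources"].add(f["source"])
        m["references"].update(f.get("references", ()))
    return [
        {"component": key[0], **{k: sorted(v) for k, v in m.items()}}
        for key, m in sorted(merged.items(), key=lambda kv: kv[0])
    ]

# Constructed sample: component names, URLs and the GHSA-0000 id are placeholders.
SAMPLE = [
    {"source": "Internal", "id": "GHSA-ww39-953v-wcq6", "component": "pkg:npm/example-a@1.0.0",
     "aliases": ["CVE-2020-28469"], "references": ["https://example.invalid/ghsa"]},
    {"source": "OSS Index", "id": "CVE-2020-28469", "component": "pkg:npm/example-a@1.0.0",
     "references": ["https://example.invalid/cve"]},
    {"source": "OSS Index", "id": "CVE-2020-28469", "component": "pkg:npm/example-b@2.0.0",
     "references": ["https://example.invalid/cve"]},
    {"source": "Internal", "id": "GHSA-0000-0000-0000", "component": "pkg:npm/example-a@1.0.0"},
]

if __name__ == "__main__":
    for issue in merge_findings(SAMPLE):
        print(issue)
```

Only one source needs to declare the alias for the pair to merge, and the same vulnerability on a different component stays a separate issue so it can still be suppressed independently.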
@msymons
Member

msymons commented Sep 21, 2022

This is effectively a duplicate of #1642

@KramNamez
Contributor Author

Argh, you're right. I searched for "dedup" and "deduplication" but not "de-dup". My bad.

@nscuro
Member

nscuro commented Sep 21, 2022

Thanks @msymons, closing as duplicate.

@nscuro nscuro added the duplicate This issue or pull request already exists label Sep 21, 2022
@nscuro nscuro closed this as not planned Sep 21, 2022
@github-actions
Contributor

This thread has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs.

@github-actions github-actions bot locked as resolved and limited conversation to collaborators Oct 22, 2022