[openstack-dev] Would people see a value in the cve-check-tool?
Reshetova, Elena
elena.reshetova at intel.com
Tue Aug 4 22:06:50 UTC 2015
> Arguably also 3. lots of CVEs which aren't applicable for some reason, so
we likely need a means to whitelist those and filter them from the report.
cve-check-tool supports whitelisting and won't report the CVEs that have
been marked as "ignore". The temporal faux format that I am filling in the
python wrapper has a place to put such CVEs. So, only thing that would be
needed from your side is to define how/where you want to store list of CVEs
to be ignored for each package and I can process them in the wrapper
similarly.
Best Regards,
Elena.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 7586 bytes
Desc: not available
URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20150804/f3538960/attachment.bin>
More information about the OpenStack-dev
mailing list