GitHub Reusable Workflow - being able to fail the job by a minimum severity

Open fingeromer opened this issue 2 years ago • 3 comments

Hi, is there a way to set a minimum CVSS for failing the reusable PR scanner workflow? For example, a new package with a CVE of 2.1 CVSS would only print a log, but wouldn't fail the step.

fingeromer, Dec 18 '23 17:12

Extending on this, it might make sense to keep this consistent with the prioritisation mechanisms for guided remediation: https://github.com/google/osv-scanner/issues/352

  • minimum severity
  • maximum dependency depth
  • dev vs non dev

oliverchang, Dec 18 '23 22:12

This issue has not had any activity for 60 days and will be automatically closed in two weeks.

github-actions[bot], Jul 19 '24 18:07

Automatically closing stale issue

github-actions[bot], Aug 02 '24 19:08