Richard Seeton

Results 5 comments of Richard Seeton

@aikebah - You are correct - for this specific CVE, we have implemented the Tomcat Security guidelines and removed the various default application packages - which _should_ allow the issue...

Hello all, I've had a chance to test @jeremylong's suggestion (apologies for the delay) and @aikebah is unfortunately correct - cvssBelow suppresses all issues below a threshold, which is...

Hello @hmakholm, your assumption is correct - we are running a GitHub Enterprise environment with self-hosted runners calling the codeql-action. To enable the 'overwrite' functionality, we use the `$CODEQL_ACTIONS_EXTRA_OPTIONS` environment...

@hmakholm - Excellent, thanks. Testing in our environments confirms that if we remove the codeql_databases/diagnostic library, the overwrite function recognizes the codeql_databases as a CodeQL database and allows the overwrite...

@mikefarah - No worries and certainly no rush (as a workaround we are installing yq as part of the GitHub instead of using the action). Let me take a...