Rule violation on vulnerability is not getting triggered #189
Comments
|
As @tsteenbe pointed out, this is probably related to the example rule to only trigger for the CVSS2 scoring system. |
|
See for example https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/10/GHSA-67hx-6x53-jw92/GHSA-67hx-6x53-jw92.json#L13 propose we update the rule to trigger for CVSSv3 or make the rule work in a scoring system agnostic way. |
That should say "CVSSv3", I believe. |
sschuberth
added a commit
that referenced
this issue
May 23, 2024
Resolves #189. Signed-off-by: Sebastian Schuberth <sebastian@doubleopen.org>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Hi Team,
I am facing issues with raising rule violations for vulnerable components in my dependencies.
I am using the existing evaluator.kts file from this repository and it triggers rule violations for license issues but not for vulnerabilities.
As seen below vulnerabilities are identified, but not brought out in the "Rule Violations" tab.
The action file used is : https://github.com/oss-review-toolkit/ort-ci-github-action
Can someone guide me to understand what i am missing or any reference to the solution.
The text was updated successfully, but these errors were encountered: