Support ignore CveIDs in config
This commit is contained in:
Kota Kanbe
43
README.md
43
README.md
@@ -389,6 +389,7 @@ subjectPrefix = "[vuls]"
|
||||
# "cpe:/a:rubyonrails:ruby_on_rails:4.2.1",
|
||||
#]
|
||||
#containers = ["${running}"]
|
||||
#ignoreCves = ["CVE-2016-6313"]
|
||||
#optional = [
|
||||
# ["key", "value"],
|
||||
#]
|
||||
@@ -404,6 +405,7 @@ host = "172.31.4.82"
|
||||
# "cpe:/a:rubyonrails:ruby_on_rails:4.2.1",
|
||||
#]
|
||||
#containers = ["${running}"]
|
||||
#ignoreCves = ["CVE-2016-6313"]
|
||||
#optional = [
|
||||
# ["key", "value"],
|
||||
#]
|
||||
@@ -476,6 +478,7 @@ You can customize your configuration using this template.
|
||||
# "cpe:/a:rubyonrails:ruby_on_rails:4.2.1",
|
||||
#]
|
||||
#containers = ["${running}"]
|
||||
#ignoreCves = ["CVE-2016-6313"]
|
||||
#optional = [
|
||||
# ["key", "value"],
|
||||
#]
|
||||
@@ -495,6 +498,7 @@ You can customize your configuration using this template.
|
||||
# "cpe:/a:rubyonrails:ruby_on_rails:4.2.1",
|
||||
#]
|
||||
#containers = ["${running}"]
|
||||
#ignoreCves = ["CVE-2016-6314"]
|
||||
#optional = [
|
||||
# ["key", "value"],
|
||||
#]
|
||||
@@ -508,6 +512,7 @@ You can customize your configuration using this template.
|
||||
- keyPath: SSH private key path
|
||||
- cpeNames: see [Usage: Scan vulnerability of non-OS package](https://github.com/future-architect/vuls#usage-scan-vulnerability-of-non-os-package)
|
||||
- containers: see [Usage: Scan Docker containers](https://github.com/future-architect/vuls#usage-scan-docker-containers)
|
||||
- ignoreCves: CVE IDs that will not be reported. But output to JSON file.
|
||||
- optional: Add additional information to JSON report.
|
||||
|
||||
Vuls supports two types of SSH. One is native go implementation. The other is external SSH command. For details, see [-ssh-external option](https://github.com/future-architect/vuls#-ssh-external-option)
|
||||
@@ -780,6 +785,43 @@ $ vuls scan \
|
||||
-azure-container=vuls
|
||||
```
|
||||
|
||||
## Example: IgnoreCves
|
||||
|
||||
Define ignoreCves in config if you don't want to report(slack, mail, text...) specific CVE IDs. But these ignoreCves will be output to JSON file like below.
|
||||
|
||||
- config.toml
|
||||
```toml
|
||||
[default]
|
||||
ignoreCves = ["CVE-2016-6313"]
|
||||
|
||||
[servers.bsd]
|
||||
host = "192.168.11.11"
|
||||
user = "kanbe"
|
||||
ignoreCves = ["CVE-2016-6314"]
|
||||
```
|
||||
|
||||
- bsd.json
|
||||
```json
|
||||
[
|
||||
{
|
||||
"ServerName": "bsd",
|
||||
"Family": "FreeBSD",
|
||||
"Release": "10.3-RELEASE",
|
||||
"IgnoredCves" : {
|
||||
"CveDetail" : {
|
||||
"CVE-2016-6313",
|
||||
...
|
||||
},
|
||||
"CveDetail" : {
|
||||
"CVE-2016-6314",
|
||||
...
|
||||
},
|
||||
}
|
||||
}
|
||||
]
|
||||
```
|
||||
|
||||
|
||||
## Example: Add optional key-value pairs to JSON
|
||||
|
||||
Optional key-value can be outputted to JSON.
|
||||
@@ -1097,4 +1139,3 @@ Please see [CHANGELOG](https://github.com/future-architect/vuls/blob/master/CHAN
|
||||
# License
|
||||
|
||||
Please see [LICENSE](https://github.com/future-architect/vuls/blob/master/LICENSE).
|
||||
|
||||
|
||||
Reference in New Issue
Block a user