This is what I aim to achieve. Instead of 1211 security warnings, it now only shows 4 top-level packages that all contain 1211 vulnerabilities originating from transitive dependencies.
For a developer it's easy to review that only 4 packages will need to be updated in order to mitigate 1211 vulnerabilities.
I think it's a good idea, and it's similar to how the OWASP Dependency-Check security warnings are reported: per direct dependency, the highest severity and the number of vulnerable (direct and indirect) dependencies.
Currently the Snyk parser does not consolidate findings correctly. This results in an enormous amount of warnings.
The number of warnings should be equal to the number of top-level packages that need to be updated, not the total number of vulnerabilities.
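The consolidation described in this thread, written out as an added example (this is not the plugin's parser or Snyk's code). It assumes the shape of `snyk test --json` output that the grouping depends on: each entry in `vulnerabilities` has an `id`, a `severity`, a `packageName` and a `from` path whose first element is the project itself and whose second element is the direct dependency that pulls the vulnerable package in. The same vulnerability `id` appears once per dependency path in such a report, so the example counts distinct ids per direct dependency rather than paths. The sample report is constructed for illustration.

```python
import json
from collections import defaultdict

# Ordering used to pick the highest severity per direct dependency (assumed Snyk levels).
SEVERITY_RANK = {"critical": 4, "high": 3, "medium": 2, "low": 1}

# Constructed sample shaped like `snyk test --json` output, reduced to the fields used here.
# Ids and paths are made up for the example.
SAMPLE_SNYK_JSON = json.dumps({
    "ok": False,
    "vulnerabilities": [
        {"id": "SNYK-EX-1", "title": "Prototype Pollution", "severity": "high",
         "packageName": "lodash", "version": "4.17.4",
         "from": ["my-app@1.0.0", "express-validator@5.0.0", "lodash@4.17.4"]},
        # Same vulnerability id, reached via a second path under the same direct dependency.
        {"id": "SNYK-EX-1", "title": "Prototype Pollution", "severity": "high",
         "packageName": "lodash", "version": "4.17.4",
         "from": ["my-app@1.0.0", "express-validator@5.0.0", "validator@9.0.0", "lodash@4.17.4"]},
        {"id": "SNYK-EX-2", "title": "Regular Expression Denial of Service", "severity": "medium",
         "packageName": "lodash", "version": "4.17.4",
         "from": ["my-app@1.0.0", "express-validator@5.0.0", "lodash@4.17.4"]},
        {"id": "SNYK-EX-3", "title": "Prototype Pollution", "severity": "high",
         "packageName": "lodash", "version": "4.17.4",
         "from": ["my-app@1.0.0", "webpack@4.0.0", "some-loader@1.0.0", "lodash@4.17.4"]},
        {"id": "SNYK-EX-4", "title": "Arbitrary Code Execution", "severity": "critical",
         "packageName": "serialize-javascript", "version": "2.1.0",
         "from": ["my-app@1.0.0", "webpack@4.0.0", "serialize-javascript@2.1.0"]},
        # A vulnerable package that is itself a direct dependency: from[1] is the package.
        {"id": "SNYK-EX-5", "title": "Information Exposure", "severity": "low",
         "packageName": "minimist", "version": "1.2.0",
         "from": ["my-app@1.0.0", "minimist@1.2.0"]},
    ],
})


def package_name(spec):
    """Strip the version from 'name@version'; works for scoped names like '@types/node@1.0.0'."""
    name, _, _ = spec.rpartition("@")
    return name or spec


def direct_dependency(path):
    """The direct dependency on a Snyk `from` path: from[0] is the project, from[1] the
    top-level package that pulls the rest of the chain in."""
    if len(path) < 2:
        return package_name(path[0])
    return package_name(path[1])


def consolidate(report_json):
    """Collapse per-path Snyk findings into one warning per direct dependency.

    Returns a list of dicts sorted by highest severity, then by vulnerability count,
    so the developer sees which top-level packages to update first."""
    report = json.loads(report_json)
    groups = defaultdict(lambda: {"ids": set(), "packages": set(), "paths": 0, "max_rank": 0})

    for vuln in report.get("vulnerabilities", []):
        top = direct_dependency(vuln["from"])
        g = groups[top]
        g["ids"].add(vuln["id"])
        g["packages"].add(f'{vuln["packageName"]}@{vuln["version"]}')
        g["paths"] += 1
        g["max_rank"] = max(g["max_rank"], SEVERITY_RANK.get(vuln["severity"], 0))

    rank_to_name = {v: k for k, v in SEVERITY_RANK.items()}
    warnings = []
    for top, g in groups.items():
        warnings.append({
            "direct_dependency": top,
            "highest_severity": rank_to_name.get(g["max_rank"], "unknown"),
            "vulnerability_count": len(g["ids"]),      # distinct ids, not paths
            "path_count": g["paths"],
            "vulnerable_packages": sorted(g["packages"]),
        })
    warnings.sort(key=lambda w: (-SEVERITY_RANK.get(w["highest_severity"], 0),
                                 -w["vulnerability_count"], w["direct_dependency"]))
    return warnings


def summarize(warnings):
    """One line per consolidated warning, in the spirit of the issue's '4 packages' view."""
    return [f'{w["direct_dependency"]}: {w["vulnerability_count"]} vulnerabilities '
            f'(highest {w["highest_severity"]}) in {", ".join(w["vulnerable_packages"])}'
            for w in warnings]


if __name__ == "__main__":
    result = consolidate(SAMPLE_SNYK_JSON)
    print(f"{len(result)} warnings instead of "
          f"{len(json.loads(SAMPLE_SNYK_JSON)['vulnerabilities'])} findings")
    for line in summarize(result):
        print(line)
```

On the sample, six per-path findings collapse to three warnings: `webpack` (critical, 2 vulnerabilities), `express-validator` (high, 2 vulnerabilities across 3 paths) and `minimist` (low, 1). Grouping on `from[1]` is what keeps a transitive package such as `lodash` from being reported once per path; if the severity vocabulary of a report differs from the four levels assumed here, extend `SEVERITY_RANK` accordingly.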