/mf2/2024/06/9wxrl/ · Jamie Tanna

Liked Filippo Valsorda :go: (@filippo@abyssdomain.expert)

Post details

Trivy 0.52.1 on age v1.1.1 > Total: 31 (UNKNOWN: 2, LOW: 0, MEDIUM: 13, HIGH: 14, CRITICAL: 2) govulncheck v1.1.2 > No vulnerabilities found. govulncheck is correct. All the vulns reported by the other thing are provably false positives. When I did the initial design of govulncheck, I made minimizing noise a priority, to give devs a chance to actually triage potential vulns. I suspect I was wrong: if the tool is too good, it will find nothing most of the time, and devs will not trust it.

Sun, 16 Jun 2024 16:21 by Jamie Tanna .

This post was filed under likes.

Interactions with this post

Below you can find the interactions that this page has had using WebMention.

Have you written a response to this post? Let me know the URL:

Do you not have a website set up with WebMention capabilities? You can use Comment Parade.