Filippo Valsorda :go: on Nostr:
Trivy 0.52.1 on age v1.1.1
> Total: 31 (UNKNOWN: 2, LOW: 0, MEDIUM: 13, HIGH: 14, CRITICAL: 2)
govulncheck v1.1.2
> No vulnerabilities found.
govulncheck is correct. All the vulns reported by the other thing are provably false positives.
When I did the initial design of govulncheck, I made minimizing noise a priority, to give devs a chance to actually triage potential vulns.
I suspect I was wrong: if the tool is too good, it will find nothing most of the time, and devs will not trust it.