Mismatch in Vulnerability count #111
Hello @raelyz thank you for reaching out. We understand that the vulnerability counts by severity table does not match the severity in the vulnerability findings table. This mismatch is occurring because two of the reported CVEs have differing severity values from multiple vendors (e.g. NVD, MITRE, GitHub Security Advisories, etc.): You are seeing the mismatch in the vulnerability findings table because the Inspector GitHub Action is preferring to render NVD, with a rating of medium, over other vendors such as GitLab with a rating of high (see source code here). We will modify this action to render the highest severity in our next release. Work for this issue is expected to begin on Monday February 24th 2025.
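The mismatch described in the comment above can be reproduced with a short sketch. This is an added example, not part of the thread and not the Inspector action's code; the vendor keys, severity labels, finding IDs, the fallback when no NVD rating exists, and the assumption that the summary counts reflect the highest vendor rating are all constructed for illustration.

```python
from collections import Counter

# Severity labels, lowest to highest (assumed labels for this sketch).
SEVERITY_ORDER = ["untriaged", "info", "low", "medium", "high", "critical"]
RANK = {name: i for i, name in enumerate(SEVERITY_ORDER)}

# Constructed sample findings; the IDs are placeholders, not real CVEs.
FINDINGS = [
    {"id": "CVE-EXAMPLE-0001", "ratings": {"NVD": "medium", "GITLAB": "high"}},
    {"id": "CVE-EXAMPLE-0002", "ratings": {"GITLAB": "high", "NVD": "medium"}},
    {"id": "CVE-EXAMPLE-0003", "ratings": {"NVD": "low"}},
    {"id": "CVE-EXAMPLE-0004", "ratings": {}},  # no vendor rating at all
]

def normalize(label):
    """Map a vendor label to a known severity; unknown values are untriaged."""
    label = (label or "").strip().lower()
    return label if label in RANK else "untriaged"

def severity_highest(ratings):
    """Policy the maintainers say they will move to: highest rating wins."""
    labels = [normalize(v) for v in ratings.values()]
    return max(labels, key=RANK.__getitem__, default="untriaged")

def severity_prefer_vendor(ratings, preferred="NVD"):
    """Policy described as the cause: render the preferred vendor's rating.
    Falling back to the highest rating when it is absent is an assumption."""
    if preferred in ratings:
        return normalize(ratings[preferred])
    return severity_highest(ratings)

def count_by_severity(findings, policy):
    return Counter(policy(f["ratings"]) for f in findings)

def mismatches(findings, summary_policy, table_policy):
    """Return {severity: (summary_count, table_count)} where the two differ."""
    summary = count_by_severity(findings, summary_policy)
    table = count_by_severity(findings, table_policy)
    return {s: (summary[s], table[s])
            for s in SEVERITY_ORDER if summary[s] != table[s]}

if __name__ == "__main__":
    # Summary counted by highest rating, table rendered with NVD preferred.
    print(mismatches(FINDINGS, severity_highest, severity_prefer_vendor))
    # Same policy on both sides: nothing to report.
    print(mismatches(FINDINGS, severity_highest, severity_highest))
```

Running the same comparison against a scan's real findings is a quick regression check that a summary table and a findings table resolve multi-vendor severities with one policy.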
Brief update: I am about 3/4 through the expected work to resolve this issue.
@raelyz I have finished the expected code changes to resolve this issue. Would you be able to test your action against the
In the meantime, we will continue reviewing, refining, and testing the code changes.
@raelyz we have published a new release that resolves this issue: Please update your workflows to use If you have follow-up questions, comments, or feedback about this issue, feel free to raise that here. Otherwise, I will close this issue in 24 hours.
Hello Team, I'm facing a similar issue to #89.
In the screenshot you can see that there are supposedly 2 High Vulnerabilities but if we look at the list of vulnerabilities displayed below there are 0.
I have followed a similar set of instructions and sent an email last Friday and was wondering if anyone has seen it.