CVE suppression list
Specify a list of CVE identifiers to exclude from vulnerability threshold calculations and EPSS assessment.
These CVEs will be detected and reported but will not contribute to build failure decisions.
Supported Formats:
- Comma-separated: CVE-2023-1234, CVE-2023-5678, CVE-2024-0001
- One per line:
  CVE-2023-1234
  CVE-2023-5678
  CVE-2024-0001
- Mixed format:
  CVE-2023-1234, CVE-2023-5678
  CVE-2024-0001
Behavior:
- Suppressed CVEs are subtracted from vulnerability threshold counts
- Suppressed CVEs are excluded from EPSS threshold evaluation
- Suppressed CVEs still appear in scan reports and artifacts
- Detailed logging shows which CVEs were suppressed and their impact
Note: CVE IDs must follow the format CVE-YYYY-NNNN (e.g., CVE-2023-1234)
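The following is an added example, not the tool's own code, showing how the formats and behavior above fit together: one parser for all three input layouts, and a gate that drops suppressed CVEs from the threshold and EPSS checks while keeping them in the report. The function names, the shape of a finding, the sample limits and the "count exceeds maximum" rule are assumptions made for illustration.

```python
import re

# Format from the Note above (CVE-YYYY-NNNN). Assumption: longer sequence
# numbers (five or more digits) are accepted too, as CVE ID syntax allows them.
CVE_ID = re.compile(r"CVE-\d{4}-\d{4,}")

def parse_suppression_list(raw):
    """Split on commas and newlines; return (valid_ids, rejected_tokens)."""
    valid, rejected = [], []
    for token in re.split(r"[,\n]", raw):
        token = token.strip()
        if not token:
            continue
        if CVE_ID.fullmatch(token):
            if token not in valid:  # collapse duplicates
                valid.append(token)
        else:
            rejected.append(token)  # surface typos instead of silently ignoring them
    return valid, rejected

def evaluate(findings, suppressed, max_counts, epss_limit):
    """Apply the suppression list to the gate, never to the report."""
    suppressed = set(suppressed)
    counted = [f for f in findings if f["id"] not in suppressed]
    applied = [f["id"] for f in findings if f["id"] in suppressed]
    counts = {}
    for f in counted:
        counts[f["severity"]] = counts.get(f["severity"], 0) + 1
    # Assumption: a severity fails when its count exceeds the configured maximum.
    over = sorted(s for s, n in counts.items() if n > max_counts.get(s, n))
    epss_hits = [f["id"] for f in counted if f["epss"] >= epss_limit]
    return {
        "reported": [f["id"] for f in findings],      # suppressed CVEs stay visible
        "suppressed": applied,                         # what the log should name
        "unused": sorted(suppressed - set(applied)),   # stale entries worth pruning
        "fail_build": bool(over or epss_hits),
    }

# Constructed sample data, not output from a real scan.
RAW = "CVE-2023-1234, CVE-2023-5678\nCVE-2024-0001, cve-2023-1"
FINDINGS = [
    {"id": "CVE-2023-1234", "severity": "critical", "epss": 0.92},
    {"id": "CVE-2023-5678", "severity": "high", "epss": 0.10},
    {"id": "CVE-2024-9999", "severity": "high", "epss": 0.02},
]
LIMITS = {"critical": 0, "high": 1}

if __name__ == "__main__":
    print(evaluate(FINDINGS, parse_suppression_list(RAW)[0], LIMITS, 0.5))
```

Entries returned under `unused` match nothing in the current scan, which makes them candidates for removal when the suppression list is reviewed.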