We can automate the insertion of an entry in https://github.com/nodejs/security-wg/tree/main/vuln/deps whenever we close an issue.
If the issue carries a label that signals the triage outcome, for example `vulnerable_code_not_in_execute_path` (which is also one of the OpenVEX justification values allowed on a `not_affected` statement, so the label maps directly onto the VEX entry), the automation can generate a file x.json such as
https://github.com/nodejs/security-wg/blob/main/vuln/deps/3.json
Example:
- User opens an issue
- After triaging we believe it's not a vulnerability
- We close the issue with the label `vulnerable_code_not_in_execute_path`
- Automation picks it up and opens a PR in https://github.com/nodejs/security-wg/blob/main/vuln/deps with a file x.json
- We review, approve and merge the PR
- The VEX file gets updated
- The user's scanner stops flagging that CVE