I understand that there is nothing that you guys can do if a package in a certain distribution is not keeping close to upstream and I respect it.
At our company we are running the package from Atomic for CentOS, currently at version 10.0.0, while the software is giving us an error about 10.0.1 availability.
I have followed the guide to set up overrides for this specifically to just wait for the new release to be available in the repositories, but sadly it hasn’t worked for me at all - in the PDF report, the first vulnerability is shown as high even if I set it to false positive.
Did someone else also come across such behaviour? Is there a way to fix this? Thanks for the help.
Sure. Configure an alert. Choose the method “email”. Choose the content “attach report” and select a report format that can apply overrides. Open the content composer in the section “Report content” and make sure to choose a filter that includes “apply_overrides=1”.