Remove GitHub Advisories

[spursbob]

I enabled GitHub Advisories temporarily but after disabling it I continue to see Github vulnerability issues. Is it possible to not have them displayed?

[nscuro]

Just had this case with another user yesterday. If you're using PostgreSQL, I have a simple solution for you that will remove all GHSA vulnerabilities from your instance:

1. Disable GHSA in the settings if you haven’t already
2. Shutdown the API server
3. Backup your PostgreSQL database, just in case
4. Execute this script in your PostgreSQL database:

docker exec -i <POSTGRES_CONTAINER_NAME> psql -U<POSTGRES_USER> < ghsa-cleanup.sql

The output will be something along the lines of:

CREATE FUNCTION
BEGIN
 delete_ghsa_vulnerabilities 
-----------------------------
 t
(1 row)

COMMIT
DROP FUNCTION

Finally, start the API server container again.

The script only works for PostgreSQL, but you can adapt it to MSSQL or MySQL.

That being said, v4.6.0 of DT will ship with a better solution for this: #1642

[nscuro]

Be aware though that you will miss out on vulnerabilities that are not reported by OSS Index or the NVD.

[officerNordberg]

I was tempted to shut these off as well as they can create a lot of duplicates but in general I prefer the overlap to the missing data. Personally I used python and the API to fix things like this like when my fuzzy match testing assigned vulns to all our internal components. Easy enough to delete.

[au-abd]

Hi @nscuro is there an updated version of this script for v4.7.0?

[nscuro]

I just updated it a few moments ago because someone was asking on Slack. See here for the history: https://gist.github.com/nscuro/cf97dfb4ae07b835ca721aafa7ac48f8/revisions

The link I posted in the original answer also points to the updated script.

[au-abd]

Thank you for the quick turnaround

[agnieszka-docplanner]

Hi @nscuro, is the script still valid for v4.11?