
Fix vulnerability ignore matching to be case-insensitive #3156

Open

RohitYandigeri wants to merge 1 commit into anchore:main from RohitYandigeri:fix/ignore-vulnerability-case-insensitive

Conversation

@RohitYandigeri

Summary

Vulnerability identifiers such as CVE and GHSA are case-insensitive, but ignore
rules were previously matched using exact string comparison. This caused ignore
rules to fail when casing differed between sources.

Root Cause

Ignore rule evaluation compared vulnerability IDs using strict string equality,
while vulnerability sources (e.g., Grype data, GHSA) may report identifiers in
mixed or lowercase formats.

Changes

  • Make vulnerability ID matching case-insensitive when applying ignore rules
  • Add a unit test validating that GHSA identifiers are ignored regardless of casing

Impact

  • Fixes ignore rules not applying to GHSA vulnerabilities with lowercase IDs
  • Backward compatible; does not affect existing ignore behavior

Notes

Local full test execution could not complete due to disk space constraints on the
development machine. The change is isolated to grype/match, and CI will validate
the full test suite.
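As an added illustration of the comparison this PR changes (example code, not grype's own implementation): a pre-fix strict matcher beside a case-insensitive one, applied to a list of matches. The IgnoreRule and Match types are hypothetical stand-ins for grype's, and the identifiers in the test are constructed.

```go
package main

import "strings"

// IgnoreRule is a simplified stand-in for a grype ignore rule (hypothetical shape,
// not grype's own type). Vulnerability is required; an empty PackageName matches any package.
type IgnoreRule struct {
	Vulnerability string // CVE or GHSA identifier as written by the user
	PackageName   string
}

// Match is a minimal stand-in for a vulnerability match reported by a scan.
type Match struct {
	VulnerabilityID string
	PackageName     string
}

type Matcher func(IgnoreRule, Match) bool // decides whether one rule applies to one match

// matchesStrict mirrors the pre-fix behaviour the PR describes: exact string equality,
// so a rule written "GHSA-..." never applies to a match reported as "ghsa-...".
func matchesStrict(r IgnoreRule, m Match) bool {
	return r.Vulnerability == m.VulnerabilityID &&
		(r.PackageName == "" || r.PackageName == m.PackageName)
}

// matchesCaseInsensitive applies the fix: identifiers compare with strings.EqualFold.
// Package names stay an exact comparison, since the PR only changes ID matching.
func matchesCaseInsensitive(r IgnoreRule, m Match) bool {
	return strings.EqualFold(r.Vulnerability, m.VulnerabilityID) &&
		(r.PackageName == "" || r.PackageName == m.PackageName)
}

// applyIgnores returns the matches that no rule ignores, evaluated with the given matcher.
func applyIgnores(rules []IgnoreRule, matches []Match, fn Matcher) []Match {
	var kept []Match
	for _, m := range matches {
		ignored := false
		for _, r := range rules {
			if fn(r, m) {
				ignored = true
				break
			}
		}
		if !ignored {
			kept = append(kept, m)
		}
	}
	return kept
}
```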
