govulncheck: How to disable checks for specific vulnerabilities?

151 views
Skip to first unread message

twp...@gmail.com

unread,
Apr 7, 2026, 7:04:25 PM Apr 7
to golang-nuts
Hello,

I use govulncheck to regularly scan my project for vulnerabilities. Finding a vulnerability currently triggers a build failure.

Unfortunately, someone recently reported  GO-2026-4923  which affects my project but  isn't a vulnerability at all . However, it's still (for now) in govulncheck's database, so my builds cannot pass until it is removed.

Is there a way to configure govulncheck to ignore specific vulnerabilities? I couldn't find any indication of how to do this in govulncheck's documentation.

My only other alternative is to disable govulncheck completely whenever govulncheck accepts an invalid invulnerability.

Many thanks for any suggestions,
Tom



Marcello H

unread,
Apr 9, 2026, 3:28:57 AM Apr 9
to golang-nuts
I found this, perhaps this is how you can make a workaround for your issue:
.govulncheck-ignore.yaml

Or you do it like this:
# Run govulncheck in JSON mode, filter out the unwanted ID,
# and check if any other findings remain.
if [ "$(govulncheck -format json ./... | jq '[.finding | select(.osv != "GO-2026-4923")] | length')" -ne 0 ]; then
  echo "Vulnerabilities found!"
  exit 1
fi

Op woensdag 8 april 2026 om 01:04:25 UTC+2 schreef twp...@gmail.com :

bakari jofrey

unread,
Apr 9, 2026, 7:28:32 AM Apr 9
to Marcello H, golang-nuts
Oky let's check out 

--
You received this message because you are subscribed to the Google Groups "golang-nuts" group.
To unsubscribe from this group and stop receiving emails from it, send an email to golang-nuts...@googlegroups.com .
To view this discussion visit https://groups.google.com/d/msgid/golang-nuts/2d2c387a-a74d-47ec-8b23-80de0edf4327n%40googlegroups.com .
Reply all
Reply to author
Forward
0 new messages