Discussed in #11294
Originally posted by ivancli February 4, 2023
Hi guys, we use composer audit in a CI pipeline of our project to check for vulnerabilities. However, once a vulnerability is discovered, the pipeline fails and blocks the subsequent processes, e.g. deployment.
Just wondering if composer has built-in functionality to ignore a list of vulnerabilities by CVE ID.
If not, will this be considered for implementation in the near future?
You can find similar functionality in Aqua Trivy which ignores vulnerabilities specified in the .trivyignore file.
I agree it probably makes sense to have an option to dismiss some vulns by CVE id or something.
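The ignore-list behaviour requested in this issue, as an added example that is not Composer's own code: a CI-side filter that reads `composer audit --format=json` output, drops advisories whose CVE is on a `.trivyignore`-style list, and still fails on everything else. The JSON key names (`advisories`, `advisoryId`, `cve`) are an assumption about the audit output, and both input documents are constructed; the optional expiry date per entry is an addition so that an accepted risk is re-reviewed rather than silenced forever.

```python
import json
from datetime import date

# Constructed sample in the assumed shape of `composer audit --format=json`.
SAMPLE_AUDIT = json.dumps({
    "advisories": {
        "vendor/lib-a": [
            {"advisoryId": "EXAMPLE-A", "cve": "CVE-0000-0001", "title": "constructed A"},
            {"advisoryId": "EXAMPLE-B", "cve": "CVE-0000-0002", "title": "constructed B"},
        ],
        "vendor/lib-b": [
            {"advisoryId": "EXAMPLE-C", "cve": None, "title": "constructed C, no CVE"},
        ],
    }
})

# Constructed ignore file, one "CVE-ID [expiry YYYY-MM-DD] [# reason]" per line.
SAMPLE_IGNORE = """
# accepted risk, tracked in ticket PLACEHOLDER-1
CVE-0000-0001 2099-01-01
CVE-0000-0002 2000-01-01   # expired: this finding must surface again
"""

# Constructed "today" so the results below are reproducible.
REVIEW_DATE = date(2023, 2, 4)

def parse_ignore(text, today):
    """Return the set of CVE ids whose ignore entry is still in force."""
    active = set()
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # strip trailing comments
        if not line:
            continue
        parts = line.split()
        cve, expiry = parts[0].upper(), (parts[1] if len(parts) > 1 else None)
        if expiry is None or date.fromisoformat(expiry) >= today:
            active.add(cve)
    return active

def remaining_findings(audit_json, ignore_text, today):
    """Advisories not covered by an active ignore; entries with no CVE are never ignored."""
    ignored = parse_ignore(ignore_text, today)
    out = []
    for package, advisories in json.loads(audit_json).get("advisories", {}).items():
        for adv in advisories:
            cve = (adv.get("cve") or "").upper()
            if cve and cve in ignored:
                continue
            out.append((package, adv.get("advisoryId"), cve or None))
    return out
```

In a pipeline, exit non-zero only when `remaining_findings` returns a non-empty list, so the build is blocked by new or expired findings but not by ones that were explicitly accepted.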