Another thing which might potentially be useful (and should probably be configurable on individual ecosystem matcher level) could be if we find an NVD match and that CVE has a GHSA for another ecosystem (and the eocsystem we're matching for is supported by GitHub) we filter it out. Hopefully that makes sense but if not I can try and explain it better.
Originally posted by @westonsteimel in #390 (comment)
Another thing which might potentially be useful (and should probably be configurable on individual ecosystem matcher level) could be if we find an NVD match and that CVE has a GHSA for another ecosystem (and the eocsystem we're matching for is supported by GitHub) we filter it out. Hopefully that makes sense but if not I can try and explain it better.
Originally posted by @westonsteimel in #390 (comment)