diff --git a/.circleci/config.yml b/.circleci/config.yml
index f66f6f6..ebfa450 100644
--- a/.circleci/config.yml
+++ b/.circleci/config.yml
@@ -13,7 +13,7 @@ jobs:
 - prodsec/security_scans:
 mode: auto
 open-source-scan-all-projects: false
- open-source-additional-arguments: --file=pom.xml --maven-aggregate-project
+ open-source-additional-arguments: --file=pom.xml --maven-aggregate-project --policy-file=.snyk
 iac-scan: disabled
 workflows:
diff --git a/.snyk b/.snyk
new file mode 100644
index 0000000..187517a
--- /dev/null
+++ b/.snyk
@@ -0,0 +1,5 @@
+# Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities.
+version: v1.25.0
+patch: {}
+# ignores vulnerabilities until expiry date; change duration by modifying expiry date
+ignore: {}
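Review bot: In `.circleci/config.yml`, the added `--policy-file=.snyk` may not be an option the Snyk CLI acts on. The option I know it documents for pointing at a policy file is `--policy-path`, and this diff does not show how the orb forwards `open-source-additional-arguments`. If the flag is silently ignored the scan still passes, so a green job does not show the policy was applied. Confirm in the scan output that `.snyk` is loaded, and check the CLI documentation for whether `--policy-path` expects the file or its directory. The job definition starts and ends outside this hunk.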
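Review bot: In the new `.snyk`, the header comments do not say what an ignore entry must contain, yet after this commit the file decides which findings the CI scan suppresses. I would extend the comment above `ignore:` to something like `# every entry needs a reason and an expires date; changes to this file need security review`. That way a suppression cannot be added without a justification and an end date. Both `patch` and `ignore` are empty here, so this commit itself suppresses nothing.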