fix: created .snyk ignore policy file #60

Merged (1 commit) on Aug 7, 2024

Conversation

pacificcode
Contributor

Created .snyk policy. Added policy to ignore vendor/ and .devcontainer/ directories.

@pacificcode pacificcode requested a review from a team as a code owner August 1, 2024 16:03
@pacificcode pacificcode changed the title Created .snyk ignore policy file chore : Created .snyk ignore policy file Aug 1, 2024
@pacificcode pacificcode changed the title chore : Created .snyk ignore policy file chore(snyk): Created .snyk ignore policy file Aug 1, 2024
@pacificcode pacificcode changed the title chore(snyk): Created .snyk ignore policy file fix: Created .snyk ignore policy file Aug 1, 2024
@pacificcode pacificcode changed the title fix: Created .snyk ignore policy file fix: created .snyk ignore policy file Aug 1, 2024
Contributor

@sheldonhull sheldonhull left a comment

This should help, I think, with local IDE tooling, but it won't stop the PR checks from flagging. They don't honor this file, last I checked, for open source checks, license at least. Is this the goal?

@pacificcode
Contributor Author

pacificcode commented Aug 1, 2024

@sheldonhull the .snyk file was added to the dsv-cli repo and Snyk no longer reports issues with the vendor/ directory code.
See report here: https://app.snyk.io/org/devops-secrets-vault/project/19dc579a-7e13-4b98-8a4f-5546aff44f4e

Adding this file to this repo looking for the same results.

@pacificcode
Contributor Author

> This should help, I think, with local IDE tooling, but it won't stop the PR checks from flagging. They don't honor this file, last I checked, for open source checks, license at least. Is this the goal?

This process worked very nicely for the GitLab repo as well. If we can resolve this and get it merged, that would be very helpful.

@pacificcode pacificcode merged commit 4fa4795 into main Aug 7, 2024
7 of 11 checks passed
@pacificcode pacificcode deleted the pacificcode-snyk-1 branch August 7, 2024 19:37

3 participants