chore: add perm ignores for trans deps of provided artifactory-papi

snyk · Dec 19, 2024 · 1a56f45 · 1a56f45
1 parent 186718f
commit 1a56f45
Show file tree

Hide file tree

Showing 2 changed files with 22 additions and 1 deletion.
diff --git a/.circleci/config.yml b/.circleci/config.yml
@@ -13,7 +13,7 @@ jobs:
       - prodsec/security_scans:
           mode: auto
           open-source-scan-all-projects: false
-          open-source-additional-arguments: --file=pom.xml --maven-aggregate-project
+          open-source-additional-arguments: --file=pom.xml --maven-aggregate-project --policy-file=.snyk
           iac-scan: disabled
 
 workflows:

diff --git a/.snyk b/.snyk
@@ -0,0 +1,21 @@
+# Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities.
+version: v1.25.0
+patch: {}
+# ignores vulnerabilities until expiry date; change duration by modifying expiry date
+ignore:
+  'SNYK-JAVA-COMGOOGLEPROTOBUF-8055227':
+    - '*':
+        reason: Transitive dep of artifactory-papi. Actual papi is provided by artifactory env at runtime so this is a false positive.
+        created: 2024-12-19T00:00:00.000Z
+  'SNYK-JAVA-DNSJAVA-7547403':
+    - '*':
+        reason: Transitive dep of artifactory-papi. Actual papi is provided by artifactory env at runtime so this is a false positive.
+        created: 2024-12-19T00:00:00.000Z
+  'SNYK-JAVA-DNSJAVA-7547404':
+    - '*':
+        reason: Transitive dep of artifactory-papi. Actual papi is provided by artifactory env at runtime so this is a false positive.
+        created: 2024-12-19T00:00:00.000Z
+  'SNYK-JAVA-DNSJAVA-7547405':
+    - '*':
+        reason: Transitive dep of artifactory-papi. Actual papi is provided by artifactory env at runtime so this is a false positive.
+        created: 2024-12-19T00:00:00.000Z