forked from entando/app-engine
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy path.snyk
42 lines (42 loc) · 1.41 KB
/
.snyk
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
# Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities.
version: v1.19.0
# ignores vulnerabilities until expiry date; change duration by modifying expiry date
ignore:
SNYK-JAVA-ORGJDOM-1311147:
- '*':
reason: 'False positive. Even though the vulnerability exists and we use SAXBuilder in our code, our usage is
exclusively against internal and static XML files that reference no external entity, making this
vulnerability impossible to be exploited by external sources.'
SNYK-JAVA-IOSPRINGFOX-1317096:
- '*':
reason: 'Swagger is enabled only in development environment. This is also a low risk and low possibility attack.'
SNYK-JAVA-IONETTY-1042268:
- '*':
reason: 'Temporary suppression. We always connect to an internal and safe Redis server.'
SNYK-JAVA-ORGJBOSSRESTEASY-1009963:
- '*':
reason: '.'
SNYK-JAVA-ORGKEYCLOAK-1085642:
- '*':
reason: '.'
SNYK-JAVA-COMFASTERXMLJACKSONCORE-2326698:
- '*':
reason: '.'
SNYK-JAVA-ORGLIQUIBASE-2419059:
- '*':
reason: '.'
SNYK-JAVA-COMFASTERXMLJACKSONCORE-2421244:
- '*':
reason: '.'
SNYK-JAVA-ORGKEYCLOAK-2434281:
- '*':
reason: '.'
SNYK-JAVA-ORGKEYCLOAK-2805802:
- '*':
reason: '.'
SNYK-JAVA-ORGOWASPESAPI-2805301:
- '*':
reason: '.'
SNYK-JAVA-ORGOWASPESAPI-2803305:
- '*':
reason: '.'