From f6aca7de699091fab3b6902a7e26ce18a4f8ded5 Mon Sep 17 00:00:00 2001
From: Marek Karwacki
Date: Wed, 15 Jan 2025 10:26:31 +0000
Subject: [PATCH] ci: load snyk policy from env
---
 .github/workflows/ci.yml | 4 ++++
 .snyk | 14 --------------
 2 files changed, 4 insertions(+), 14 deletions(-)
 delete mode 100644 .snyk
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 4e1f5c4e46..1d342d3220 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -48,6 +48,8 @@ jobs:
 secret_prefix: 'SNYK'
 secret_name: ${{ secrets.AWS_SECRET_NAME_SNYK }}
 parse_json: true
+ - name: Create .snyk file
+ run: echo "${{ vars.DOT_SNYK_FILE }}" > .snyk
 - name: Run Snyk to check for deps vulnerabilities
 uses: RDXWorks-actions/snyk-actions/gradle-jdk17@master
 with:
@@ -70,6 +72,8 @@ jobs:
 secret_prefix: 'SNYK'
 secret_name: ${{ secrets.AWS_SECRET_NAME_SNYK }}
 parse_json: true
+ - name: Create .snyk file
+ run: echo "${{ vars.DOT_SNYK_FILE }}" > .snyk
 - name: Run Snyk to check for code vulnerabilities
 uses: RDXWorks-actions/snyk-actions/gradle-jdk17@master
 continue-on-error: true
diff --git a/.snyk b/.snyk
deleted file mode 100644
index 474e520b26..0000000000
--- a/.snyk
+++ /dev/null
@@ -1,14 +0,0 @@
-# Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities.
-version: v1.25.0
-ignore: {}
-patch: {}
-exclude:
- global:
- # Snyk reports false positives in those files and sadly
- # there's no option to ignore specific issues within a file.
- - core/src/main/java/com/radixdlt/p2p/transport/FrameCodec.java
- - common/src/main/java/com/radixdlt/crypto/IESEngine.java
- - common/src/main/java/com/radixdlt/crypto/ECIESCoder.java
- - cli-tools/src/main/java/com/radixdlt/cloud/AWSSecrets.java
- - common/src/main/java/com/radixdlt/crypto/ECKeyUtils.java
- - core/src/test/java/com/radixdlt/api/DummySslContextFactory.java
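Review bot: The added `run: echo "${{ vars.DOT_SNYK_FILE }}" > .snyk` substitutes the variable into the script text before the shell runs, so any `"`, `$` or backtick in the policy is parsed by the shell instead of being written to the file; the same line is repeated in the second hunk (`@@ -70,6 +72,8 @@`). Passing the value through the environment keeps it as data: add `env:` with `DOT_SNYK_FILE: ${{ vars.DOT_SNYK_FILE }}` to the step and change the command to `run: printf '%s\n' "$DOT_SNYK_FILE" > .snyk`. `printf` also avoids `echo` expanding backslash sequences on shells where it does so. The job definition around the step starts and ends outside the hunk.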
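Review bot: With `.snyk` deleted from the repository, the `exclude` list this step writes is no longer covered by code review or commit history, and the workflow neither shows nor checks what it wrote. An unset `DOT_SNYK_FILE` produces a file holding only a newline, and the step that follows in this hunk has `continue-on-error: true`, so a policy that Snyk rejects would probably not fail the job. I would extend the step with a check such as `test -s .snyk && cat .snyk` so the effective policy appears in every run log, and add a comment above it stating where the variable is managed and who may edit it. The job body continues outside the hunk.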