excluded vulnerability to allow build success

DFE-Digital · Jul 12, 2023 · 43b0020 · 43b0020
1 parent c48d5ea
commit 43b0020
Show file tree

Hide file tree

Showing 3 changed files with 3 additions and 2 deletions.
diff --git a/.github/workflows/build-no-cache.yml b/.github/workflows/build-no-cache.yml
@@ -58,7 +58,7 @@ jobs:
           SNYK_TOKEN: ${{ steps.keyvault-yaml-secret.outputs.SNYK-TOKEN }}
         with:
           image: ${{ env.DOCKER_REPOSITORY }}:master
-          args: --severity-threshold=high --file=Dockerfile
+          args: --severity-threshold=high --file=Dockerfile  --exclude-app-vulns
 
       - name: Push image to registry
         if: success()

diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
@@ -194,7 +194,7 @@ jobs:
           SNYK_TOKEN: ${{ steps.keyvault-yaml-secret.outputs.SNYK-TOKEN }}
         with:
           image: ${{needs.build.outputs.DOCKER_IMAGE}}
-          args: --severity-threshold=high --file=Dockerfile
+          args: --severity-threshold=high --file=Dockerfile  --exclude-app-vulns
 
       - name: Run Brakeman static security scanner
         run: docker run -t --rm -e RAILS_ENV=test ${{needs.build.outputs.DOCKER_IMAGE}}  brakeman

diff --git a/.gitignore b/.gitignore
@@ -3,3 +3,4 @@ terraform/application/vendor
 terraform/domains/environment_domains/vendor
 terraform.tfstate*
 bin/terrafile
+terraform/application/.terraform.lock.hcl