Project: OpenShift SDN
Issue: SDN-4437

Fix security issues for SDN Team repositories


    • Type: Epic
    • Resolution: Unresolved
    • Priority: Undefined
    • Status: To Do
    • Progress: 100% To Do, 0% In Progress, 0% Done

      Epic Goal

      New security requirements were added for every OpenShift repository. Fixing every finding is a lot of work, so for now we are closing SAST scan bugs by ignoring the `vendor` folder, and we will replace these ignore rules with a proper fix once we have the priority to work on it.

      To handle SAST bugs:

      • Ensure that we have a CI job doing the security scan.
      • Try to bump the dependencies and check whether any of the warnings go away.
      • Look upstream to check whether the issues have already been reported. If not, open an issue there. (Upstream might be another OpenShift project, so you might need to look in JIRA for these.)
      • Clone the bug to an SDN issue linked to a specific SAST epic, and describe there what you did. This issue will be used to track the resolution taken upstream and the subsequent downstream action.
      • Open a PR adding a `.snyk` file with ignore rules that point to specific issue ids and files, including a link to the SDN story and the upstream issue. Ensure that the security scan CI job no longer flags the issues. Do not use exclude rules unless the excluded path is non-runtime or non-production code.
      • Close the bug with that PR.

      https://docs.google.com/document/d/1Og7shw9SkZHoNtfdU9Jc-x-QJizd43rd79Ih2FY4ctQ/edit
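As an added illustration of the `.snyk` step above (this is an example written for this page, not a policy file from any SDN repository), the file below shows the shape of a policy that ignores one finding by id and file while keeping exclusions limited to non-runtime paths. The issue id, file path, Jira key, upstream URL and dates are placeholders: copy the real id and path from the CI job's scan output, and treat Snyk's own documentation as authoritative for the policy schema and the exact id format.

```yaml
# .snyk  (example policy, not from an SDN repository)
# Snyk policy files are YAML. 'ignore' suppresses one specific finding by
# issue/rule id and path; 'exclude' removes whole paths from the scan.
# The version string is whatever the snyk CLI writes when it edits the file.
version: v1.25.0

ignore:
  # Placeholder id: use the exact id printed by the security scan CI job.
  SNYK-CODE-EXAMPLE-ID-0001:
    # Scope the ignore to the single file that was flagged, never to '*',
    # so a new occurrence elsewhere still fails the scan.
    - 'vendor/example.com/somelib/parser.go':
        # The reason carries the traceability the epic asks for: the SDN
        # story cloned from the bug and the upstream report (placeholders).
        reason: >-
          Vendored code; reported upstream. Tracked in SDN-XXXX
          (https://issues.redhat.com/browse/SDN-XXXX) and upstream
          https://github.com/UPSTREAM-ORG/UPSTREAM-REPO/issues/NNN
        created: 2023-01-01T00:00:00.000Z
        # An expiry makes the scan fail again later, forcing a re-check of
        # whether the upstream fix has landed and can be vendored in.
        expires: 2023-07-01T00:00:00.000Z

exclude:
  global:
    # Exclusions are only acceptable for non-runtime / non-production code.
    - 'test/**'
    - 'hack/**'
    # Do NOT add runtime paths such as 'pkg/**' or 'cmd/**' here: that would
    # hide real findings instead of documenting a tracked decision.
```

The difference between the two sections is the point of the procedure: an `exclude` silences everything under a path with no record of why, while an `ignore` entry names the finding, the file, the owner of the follow-up (the SDN story) and the upstream report, so the decision can be audited and revisited when the upstream fix is available.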

            Assignee: Unassigned
            Reporter: Nadia Pinaeva (npinaeva@redhat.com)