Story
Resolution: Unresolved
sample CI run for security scan
Repo
https://github.com/openshift/cloud-network-config-controller/tree/master/
Short-term solution
Create a .snyk file and add an exclude rule for every flagged file to suppress the security warnings.
Possible long-term solution
1. Analyze each security warning and decide whether it can be ignored, should be fixed internally, or should be reported to the upstream community. If it involves the upstream community, follow steps 2 to 5.
2. Bump the dependent library and check whether the security warning goes away.
3. If the problem still exists, check whether the security vulnerability has already been reported to the Snyk community; otherwise report it at https://snyk.io/vulnerability-disclosure/?_gl=1*9gs63g*_ga*OTg5MjUzNDIuMTcwNDg4NjUxNw..*_ga_X9SH3KP7B4*MTcwNjUxNjcyOC4yLjEuMTcwNjUxNzA0OS4wLjAuMA.. (they help verify the vulnerability and contact the maintainer).
4. Replace the exclude rule with an ignore rule (using the Snyk vulnerability id available from step 2) to suppress the same security warning.
5. When a fix is available, remove the Snyk rule accordingly.
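The two rule kinds this plan contrasts, side by side in one .snyk policy file. This is an added example, not the repository's own policy: the vulnerability id, the excluded paths, the reason text and the dates are placeholders, and the real id would come from the Snyk report or the disclosure step.

```yaml
# .snyk (added example; placeholder values, not the project's own policy)
version: v1.25.0

# Short-term shape: a blanket exclude silences every finding under the
# listed paths. It records no reason and never expires, so it also hides
# any new, real issue in those files. Kept only for truly out-of-scope
# input such as vendored code (path is an assumption).
exclude:
  global:
    - vendor/**

# Long-term shape: one ignore per vulnerability id, with a reason and an
# expiry date so the suppression is forced back into review. The scan
# keeps reporting everything else in the same files.
# SNYK-GOLANG-EXAMPLE-0000000 is a placeholder id.
ignore:
  SNYK-GOLANG-EXAMPLE-0000000:
    - '*':
        reason: 'Reported upstream; awaiting fixed release (placeholder text)'
        expires: 2030-01-01T00:00:00.000Z
        created: 2030-01-01T00:00:00.000Z
```

Once the upstream fix ships and the dependency is bumped (step 2 of the plan), the `ignore` entry is deleted rather than left to expire, which matches step 5. Reviewing the file is also easy to automate: any `exclude` entry outside vendored paths, or any `ignore` entry without `reason` and `expires`, is the short-term workaround still in place.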