Closed oshoval closed 11 months ago
@oshoval would we still get an alert if our dependencies contain CVEs?
@oshoval would we still get an alert if our dependencies contain CVEs?
Yes, this is for excluding the vendor folder during Code analysis Packages analyzing is done via go.mod, not via Code analysis on vendor folder
See please https://github.com/kubevirt/ssp-operator/pull/706
Understood. Thanks!
/lgtm /approve
[APPROVALNOTIFIER] This PR is APPROVED
This pull-request has been approved by: AlonaKaplan
The full list of commands accepted by this bot can be found here.
The pull request process is described here
What this PR does / why we need it: This file is used for snyk integration to config snyk scan.
Special notes for your reviewer: