Merge branch 'main' into dependabot

openwallet-foundation · May 24, 2024 · 7041053 · 7041053
2 parents 6a3262a + 33f1a6e
commit 7041053
Show file tree

Hide file tree

Showing 2 changed files with 682 additions and 0 deletions.
diff --git a/.github/workflows/snyk.yml b/.github/workflows/snyk.yml
@@ -31,6 +31,13 @@ jobs:
         image: aries-cloudagent
         args: --file=docker/Dockerfile
 
+      # Replace any "null" security severity values with 0. The null value is used in the case
+      # of license-related findings, which do not do not indicate a security vulnerability.
+      # See https://github.com/github/codeql-action/issues/2187 for more context.
+    - name: Post process snyk sarif file  
+      run: |
+        sed -i 's/"security-severity": "null"/"security-severity": "0"/g' snyk.sarif
+    
     - name: Upload result to GitHub Code Scanning
       uses: github/codeql-action/upload-sarif@v3
       with: