-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
Showing
1 changed file
with
84 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,84 @@ | ||
| # Safety Security and License Configuration file | ||
| # We recommend checking this file into your source control in the root of your Python project | ||
| # If this file is named .safety-policy.yml and is in the same directory where you run `safety check` it will be used by default. | ||
| # Otherwise, you can use the flag `safety check --policy-file <path-to-this-file>` to specify a custom location and name for the file. | ||
| # To validate and review your policy file, run the validate command: `safety validate policy_file --path <path-to-this-file>` | ||
| security: # configuration for the `safety check` command | ||
| ignore-cvss-severity-below: 0 # A severity number between 0 and 10. Some helpful reference points: 9=ignore all vulnerabilities except CRITICAL severity. 7=ignore all vulnerabilities except CRITICAL & HIGH severity. 4=ignore all vulnerabilities except CRITICAL, HIGH & MEDIUM severity. | ||
| ignore-cvss-unknown-severity: False # True or False. We recommend you set this to False. | ||
| ignore-vulnerabilities: # Here you can list multiple specific vulnerabilities you want to ignore (optionally for a time period) | ||
| # We recommend making use of the optional `reason` and `expires` keys for each vulnerability that you ignore. | ||
| 25853: # Example vulnerability ID | ||
| reason: we don't use the vulnerable function # optional, for internal note purposes to communicate with your team. This reason will be reported in the Safety reports | ||
| expires: "2022-10-21" # datetime string - date this ignore will expire, best practice to use this variable | ||
| 70612: | ||
| reason: we don't use the vulnerable function | ||
| expires: "2024-12-31" | ||
| continue-on-vulnerability-error: False # Suppress non-zero exit codes when vulnerabilities are found. Enable this in pipelines and CI/CD processes if you want to pass builds that have vulnerabilities. We recommend you set this to False. | ||
| alert: # configuration for the `safety alert` command | ||
| security: | ||
| # Configuration specific to Safety's GitHub Issue alerting | ||
| github-issue: | ||
| # Same as for security - these allow controlling if this alert will fire based | ||
| # on severity information. | ||
| # default: not set | ||
| # ignore-cvss-severity-below: 6 | ||
| # ignore-cvss-unknown-severity: False | ||
|
|
||
| # Add a label to pull requests with the cvss severity, if available | ||
| # default: true | ||
| # label-severity: True | ||
|
|
||
| # Add a label to pull requests, default is 'security' | ||
| # requires private repo permissions, even on public repos | ||
| # default: security | ||
| # labels: | ||
| # - security | ||
|
|
||
| # Assign users to pull requests, default is not set | ||
| # requires private repo permissions, even on public repos | ||
| # default: empty | ||
| # assignees: | ||
| # - example-user | ||
|
|
||
| # Prefix to give issues when creating them. Note that changing | ||
| # this might cause duplicate issues to be created. | ||
| # default: "[PyUp] " | ||
| # issue-prefix: "[PyUp] " | ||
|
|
||
| # Configuration specific to Safety's GitHub PR alerting | ||
| github-pr: | ||
| # Same as for security - these allow controlling if this alert will fire based | ||
| # on severity information. | ||
| # default: not set | ||
| # ignore-cvss-severity-below: 6 | ||
| # ignore-cvss-unknown-severity: False | ||
|
|
||
| # Set the default branch (ie, main, master) | ||
| # default: empty, the default branch on GitHub | ||
| branch: "" | ||
|
|
||
| # Add a label to pull requests with the cvss severity, if available | ||
| # default: true | ||
| # label-severity: True | ||
|
|
||
| # Add a label to pull requests, default is 'security' | ||
| # requires private repo permissions, even on public repos | ||
| # default: security | ||
| # labels: | ||
| # - security | ||
|
|
||
| # Assign users to pull requests, default is not set | ||
| # requires private repo permissions, even on public repos | ||
| # default: empty | ||
| # assignees: | ||
| # - example-user | ||
|
|
||
| # Configure the branch prefix for PRs created by this alert. | ||
| # NB: Changing this will likely cause duplicate PRs. | ||
| # default: pyup/ | ||
| branch-prefix: pyup/ | ||
|
|
||
| # Set a global prefix for PRs | ||
| # default: "[PyUp] " | ||
| pr-prefix: "[PyUp] " |