Configuration - Dependencies
Auto Fix
This setting controls the creation of pull requests that fix vulnerabilities in project dependencies. To enable automatic creation of dependency fix pull requests, set `dependencies.auto_fix.enabled` to `true`. You can also cap the number of open fix pull requests per repository with the `dependencies.auto_fix.max_pull_requests_open` key, and limit the rate at which fix pull requests are created with the `dependencies.auto_fix.max_pull_request_creation_rate` key (`count` pull requests per `days` days).
```yaml
dependencies:
  auto_fix:
    enabled: true
    max_pull_requests_open: 2
    max_pull_request_creation_rate:
      count: 2
      days: 7
```
Ignore Findings
To allowlist CVEs, add them to the ignore list. Each entry names a CVE and a reason, and may carry an optional `expiry` date and an optional `repositories` filter. The `dependencies.ignore[i].repositories` list is only applicable in the global configuration file.
```yaml
dependencies:
  ignore:
    - cve: CVE-2021-1234
      reason: This is a false positive
    - cve: CVE-2021-5678
      reason: This isn't exploitable in client applications but we should update it eventually
      # optional expiry date
      expiry: "2024-09-12T00:00:00Z"
      # optional repositories filter
      repositories:
        - dast-action
        - cli
```
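The following is an added illustration, not the project's own code, of how the two settings above can be evaluated: whether another fix pull request may be opened under `max_pull_requests_open` and `max_pull_request_creation_rate`, and whether a finding is suppressed by the ignore list. The config dictionary mirrors the two YAML examples on this page; the precise semantics (the rate limit as a rolling window of `days` days, an expired entry no longer suppressing a finding, a `repositories` filter restricting the entry to the listed repositories) are assumptions made for the example, as are the helper names `may_open_fix_pr`, `is_ignored` and `at`.

```python
# Added example (not the project's code): evaluate dependency auto-fix limits
# and the CVE ignore list. CONFIG is constructed to mirror the page's YAML.
from datetime import datetime, timedelta

CONFIG = {
    "dependencies": {
        "auto_fix": {
            "enabled": True,
            "max_pull_requests_open": 2,
            "max_pull_request_creation_rate": {"count": 2, "days": 7},
        },
        "ignore": [
            {"cve": "CVE-2021-1234", "reason": "This is a false positive"},
            {
                "cve": "CVE-2021-5678",
                "reason": "Not exploitable in client applications",
                "expiry": "2024-09-12T00:00:00Z",
                "repositories": ["dast-action", "cli"],
            },
        ],
    }
}


def at(iso_timestamp):
    """Parse an ISO 8601 timestamp such as '2024-09-12T00:00:00Z' (assumed format)."""
    return datetime.fromisoformat(iso_timestamp.replace("Z", "+00:00"))


def may_open_fix_pr(config, open_prs, recent_pr_times, now):
    """Return (allowed, reason) for creating another dependency fix PR.

    open_prs        -- number of fix PRs currently open in the repository
    recent_pr_times -- datetimes at which fix PRs were created (any age)
    now             -- current time (timezone-aware)
    Assumption: the rate limit is a rolling window of `days` days.
    """
    auto_fix = config["dependencies"]["auto_fix"]
    if not auto_fix.get("enabled", False):
        return False, "auto_fix.enabled is false"
    if open_prs >= auto_fix["max_pull_requests_open"]:
        return False, "max_pull_requests_open reached"
    rate = auto_fix["max_pull_request_creation_rate"]
    window_start = now - timedelta(days=rate["days"])
    created_in_window = sum(1 for t in recent_pr_times if t >= window_start)
    if created_in_window >= rate["count"]:
        return False, "max_pull_request_creation_rate reached"
    return True, "ok"


def is_ignored(config, cve, repository, now):
    """True if the finding for `cve` in `repository` is suppressed by the ignore list."""
    for entry in config["dependencies"].get("ignore", []):
        if entry["cve"] != cve:
            continue
        # Optional expiry: once the date has passed, the entry is assumed not to apply,
        # so the finding resurfaces instead of staying silently allowlisted.
        expiry = entry.get("expiry")
        if expiry is not None and now >= at(expiry):
            continue
        # Optional repositories filter: the entry applies only to the listed repos.
        repos = entry.get("repositories")
        if repos is not None and repository not in repos:
            continue
        return True
    return False


if __name__ == "__main__":
    now = at("2024-01-15T00:00:00Z")
    recent = [at("2024-01-14T00:00:00Z"), at("2024-01-12T00:00:00Z")]
    print(may_open_fix_pr(CONFIG, 1, recent, now))
    print(is_ignored(CONFIG, "CVE-2021-5678", "cli", now))
    print(is_ignored(CONFIG, "CVE-2021-5678", "cli", at("2025-01-01T00:00:00Z")))
```

Treating the expiry as a hard stop (the finding reappears the day after `expiry`) is the reason to prefer dated ignores over open-ended ones for "fix it eventually" entries like the second example above.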