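---
# Security config generated by DevSecOps Kit
# Consumed by the kit's CI integration; the keys below follow its own schema.
version: "0.3.0"
language: "golang"
framework: ""
severity_threshold: "high"

# Scanners to enable. Real booleans (true/false), not strings.
tools:
  semgrep: true
  trivy: true
  gitleaks: true

# Path exclusions for scanners (applies to all enabled tools)
# Common paths to exclude: vendor/, node_modules/, test/, dist/, build/
# Kept as an explicit empty list: a bare `exclude_paths:` parses as null,
# which a consumer that iterates the value cannot handle.
# Because the list applies to every enabled tool, an exclusion also hides
# that path from gitleaks — only exclude paths all scanners should skip.
# To add entries, replace `[]` with an indented block sequence, e.g.:
# exclude_paths:
#   - "vendor/"
#   - "node_modules/"
#   - "test/"
#   - "*.test.js"
exclude_paths: []

# Fail gates: Define thresholds that will fail the CI build
# Set to -1 to disable a specific gate
# NOTE(review): the inline comments mix "ANY" (fail when count > 0) with
# "N+" (fail when count >= N); confirm which comparison the kit applies so
# that gitleaks: 0 is not read as "always fail" or semgrep: 10 as "fail at 11".
fail_on:
  gitleaks: 0          # Fail if ANY secrets detected (recommended: 0)
  semgrep: 10          # Fail if 10+ Semgrep findings
  trivy_critical: 0    # Fail if ANY critical vulnerabilities
  trivy_high: 5        # Fail if 5+ high severity vulnerabilities
  trivy_medium: -1     # Disabled by default (set to number to enable)
  trivy_low: -1        # Disabled by default

# Notification settings (PR comment enabled by default)
notifications:
  pr_comment: true
  slack: false
  email: false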