diff --git a/.github/workflows/shiftleft.yml b/.github/workflows/shiftleft.yml
index 79695c970..d91c216a0 100644
--- a/.github/workflows/shiftleft.yml
+++ b/.github/workflows/shiftleft.yml
@@ -46,8 +46,7 @@ jobs:
curl https://cdn.shiftleft.io/download/sl > ${GITHUB_WORKSPACE}/sl && chmod a+rx ${GITHUB_WORKSPACE}/sl
- name: Validate Build Rules
run: |
- ${GITHUB_WORKSPACE}/sl check-analysis --app shiftleft-java-demo \
- --branch "${{ github.head_ref || steps.extract_branch.outputs.branch }}" \
+ ${GITHUB_WORKSPACE}/sl check-analysis --app shiftleft-java-demo --config ./shiftleft.yml --v2 \
--report \
--github-pr-number=${{github.event.number}} \
--github-pr-user=${{ github.repository_owner }} \
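Review bot: With `--branch` dropped from the `check-analysis` call on the `+` line, the `extract_branch` step whose output it consumed appears to be unreferenced; if nothing else reads `steps.extract_branch.outputs.branch`, remove that step so the job does not keep a dead shell step (the step itself is outside this hunk, so this is inferred). The new `--config ./shiftleft.yml` is resolved against the step's working directory while the binary on the same line is addressed as `${GITHUB_WORKSPACE}/sl`; writing `--config "${GITHUB_WORKSPACE}/shiftleft.yml"` anchors both to the checkout regardless of any `working-directory` setting. The `run:` block continues past the end of the hunk.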
@@ -56,4 +55,4 @@ jobs:
env:
SHIFTLEFT_ACCESS_TOKEN: ${{ secrets.SHIFTLEFT_ACCESS_TOKEN }}
-
\ No newline at end of file
+
diff --git a/pom.xml b/pom.xml
index eb17410c8..d42be2021 100644
--- a/pom.xml
+++ b/pom.xml
@@ -31,6 +31,11 @@
jasypt
1.9.2
+
+ org.apache.logging.log4j
+ log4j-api
+ 2.16.0
+
com.github.ulisesbocchio
jasypt-spring-boot-starter
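Review bot: The added dependency pins only `log4j-api` at `2.16.0`; the API artifact carries no logging implementation, so if `log4j-core` reaches the build transitively at another version this pin neither upgrades it nor guarantees the two artifacts agree, and an api/core version mismatch is a likely source of runtime failures. If the intent is to force the Log4j version project-wide, the version belongs in a `<dependencyManagement>` entry (or a shared `log4j.version` property) covering both `log4j-api` and `log4j-core`, with `mvn dependency:tree` confirming that no older `log4j-core` remains on the classpath; I cannot see whether such a section already exists elsewhere in pom.xml. The element tags appear to have been stripped in this rendering, so the surrounding `<dependency>` wrapper is inferred rather than visible.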
diff --git a/shiftleft.yml b/shiftleft.yml
index 220d4baf4..726335744 100644
--- a/shiftleft.yml
+++ b/shiftleft.yml
@@ -1,12 +1,15 @@
build_rules:
- - id: allow-zero-findings
+ - id: build-break-rule
finding_types:
- vuln
- - secret
- - insight
- - "*"
severity:
- - SEVERITY_MEDIUM_IMPACT
- - SEVERITY_HIGH_IMPACT
- - SEVERITY_LOW_IMPACT
- threshold: 0
\ No newline at end of file
+ - critical
+ - moderate
+ type:
+ - XSS
+ threshold: 8
+ - id: reachable-oss-vuln
+ finding_types: [oss_vuln]
+ options:
+ reachable: true
+ num_findings: 25
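Review bot: If `threshold` is a maximum tolerated count, `build-break-rule` replaces a gate that failed on any finding of any type (`threshold: 0` with `"*"`) by one that fails only above 8 critical or moderate findings of type `XSS`, so every other vulnerability class, secrets and insights would no longer break the build, and `reachable-oss-vuln` appears to tolerate up to 25 reachable OSS findings; the exact semantics of `threshold` and `num_findings` are inferred from the key names, not visible here. That loosening may be deliberate for a demo application, but the file does not record it; a comment above `- id: build-break-rule` such as `# Demo gate: only XSS findings count and the build breaks above 8 -- TODO confirm whether threshold is > or >=` would capture the decision for the next reader. For consistency with the block-style lists in the rest of the file, `finding_types: [oss_vuln]` reads better as `finding_types:` followed by an indented `- oss_vuln`.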