add a snyk policy file (opendatahub-io#241)

derekk-nm · web-flow · commit bbccdbecfd4a · 2025-06-27T15:47:40.000-04:00
We want the Snyk run to skip verification of the `benchmarks`, `examples` and `tests` directories because Snyk will report a variety of issues that are not relevant to the repository's code. An additional set of individual vulnerabilities in the rest of the source code are ignored at the Snyk server level, with reasons specified. The Snyk security scan on this PR shows that there are only a few individual issues remaining to be addressed. These are flagged in [INFERENG-985: Review issues of concern raised by Snyk security scan](https://issues.redhat.com/browse/INFERENG-985) for follow up.
diff --git a/.snyk b/.snyk
@@ -0,0 +1,7 @@
+# Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities
+version: v1.25.0
+exclude:
+ global:
+   - examples/
+   - tests/
+   - benchmarks/
