ongamse · ongamse · Mar 25, 2025
diff --git a/shiftleft.yml b/shiftleft.yml
@@ -1,22 +1,15 @@
-version: 2 # implies that check-analysis v2 should be used and therefore
-           # the --v2 flag can be omitted when running sl check-analysis
+version: 2
 build_rules:
-- id: Allow no critical findings
-  finding_types:
-      - vuln
-  severities:
-    - critical
-  threshold: 0
-  options:
-   num_findings: 10 # Return 10 sast findings
-- id: Allow one OSS or container finding
-  finding_types:
-    - oss_vuln
-    - container
-  threshold: 1
-- id: Allow no reachable OSS vulnerability
-  finding_types:
-    - oss_vuln
-    - container
-  options:
-    reachable: true
+  - id: Allow no critical findings
+    severities:
+      - critical
+  - id: Allow one OSS or container finding
+    finding_types:
+      - oss_vuln
+      - container
+    threshold: 1
+  - id: Allow no reachable OSS vulnerability
+    finding_types:
+      - oss_vuln
+    options:
+      reachable: true