Adds a safety policy by default.

56kyle · 56kyle · commit bb3851776618 · 2024-10-09T00:07:10.000-04:00
diff --git a/{{cookiecutter.project_name}}/.safety-policy.yml b/{{cookiecutter.project_name}}/.safety-policy.yml
@@ -0,0 +1,41 @@
+version: "3.0"
+
+scanning-settings:
+  max-depth: 6
+  exclude: []
+  include-files: []
+  system:
+    targets: []
+
+report:
+  dependency-vulnerabilities:
+    enabled: true
+    auto-ignore-in-report:
+      python:
+        environment-results: true
+        unpinned-requirements: true
+      cvss-severity: []
+
+fail-scan-with-exit-code:
+  dependency-vulnerabilities:
+    enabled: true
+    fail-on-any-of:
+      cvss-severity:
+        - critical
+        - medium
+        - high
+      exploitability:
+        - critical
+        - medium
+        - high
+
+security-updates:
+  dependency-vulnerabilities:
+    auto-security-updates-limit:
+      - patch
+
+security:
+  ignore-vulnerabilities:
+    70612:
+      reason: Jinja2 has no intentions of fixing this vulnerability.
+      expires: "2025-01-01"
