Plugin snyk scan: Only runtime dependencies scanning, exclude test & compile deps for now. (#18562)

Author: mashhurs

.buildkite/scripts/snyk/plugins-scan/generate-steps.py

@@ -165,7 +165,7 @@ def generate_snyk_step(plugin_name: str, branch: str, logstash_branch: str = Non
 # LS core resolves the gems so Gemfile needs to be excluded
 # .buildkite, .ci path may contain python/other projects not necessary to scan
 # eventually using --all-projects is good because snyk may detect CVEs through other package managers like maven, gradle, (ruby excluded) etc.. 
-./snyk monitor --all-projects --exclude=Gemfile,.buildkite,.ci,vendor.json --org=logstash --target-reference={branch}
+./snyk monitor --all-projects --exclude=build,Gemfile,.buildkite,.ci,vendor.json --org=logstash --target-reference={branch} --configuration-matching="^runtime"
 
 # Cleanup
 rm -rf {work_dir}