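---
# Vulnerability-scanner configuration: what to scan, which findings to
# suppress, and how results are reported. The key names (ignore, output,
# search.scope, check-for-app-update) and the comments below indicate
# this file is read by grype.

# NOTE(review): `scan-type` is not a grype option I can confirm;
# presumably it is consumed by the CI wrapper that invokes the scanner.
scan-type: source

# Suppressed findings. Every entry here hides a match from the report,
# so each one should carry a `reason` and be re-checked periodically.
ignore:
  # Ignore cross-spawn vulnerabilities by CVE ID due to false positive
  # as grype looks at package-lock.json where it shows versions with
  # vulnerabilities, npm ls shows only 7.0.6 version is used
  # Ignore OpenSSL vulnerabilities in Alpine libcrypto3 and libssl3
  # NOTE(review): the two notes above do not name the rules they cover;
  # map them to specific IDs below or remove them if they are stale.
  - vulnerability: GHSA-3ppc-4f35-3m26
    reason: minimatch upgrade breaks some dev tools so adding this to ignore list
  # NOTE(review): time-bound justification. Re-check when the package
  # moves past 1.37.0-r30; consider adding `fix-state: not-fixed` so
  # the rule stops applying once a fix is published.
  - vulnerability: CVE-2025-60876
    reason: No fix available as of 1.37.0-r30
  # NOTE(review): the five rules below have no `reason`. With
  # `include-aliases: true` each rule also matches the advisory's
  # aliases (for example the related CVE ID), so the suppression is
  # broader than the single GHSA ID. Record a justification per entry.
  - vulnerability: GHSA-83g3-92jg-28cx
    include-aliases: true
  - vulnerability: GHSA-34x7-hfp2-rc4v
    include-aliases: true
  - vulnerability: GHSA-5j98-mcp5-4vw2
    include-aliases: true
  - vulnerability: GHSA-8qq5-rm4j-mr97
    include-aliases: true
  - vulnerability: GHSA-r6q2-hw4h-h46w
    include-aliases: true

# Set output format defaults
output:
  - "table"
  - "json"

# Modify your CircleCI job to check critical count
# NOTE(review): no `fail-on-severity` is set in this file, so the
# pass/fail decision presumably lives in the CircleCI job; confirm
# that the job really fails the build on critical findings.
search:
  # "squashed" catalogues only the final image filesystem; packages
  # present solely in earlier image layers are not examined.
  scope: "squashed"

quiet: false

# Turns off the scanner's own new-release check at startup.
check-for-app-update: false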