Since the defects found are all Medium and Low severity, the Snyk stage in the workflow will pass.
Snyk workflow passes with 0 issues found.
In this example, we only break the pipeline when High Severity issues are found.
Adjusting rule thresholds in the Snyk UI
If you want to override the default severity thresholds provided by Snyk, you can do so in the Snyk UI. This allows you to change the severity of each of the IaC security rules at an organization level.
To do this, navigate to your Organization -> Settings -> Infrastructure as Code. You'll see the list below:
Security Rule severity adjustments in the Snyk UI.
Adjust the rules as you see fit. Next time the workflow runs, the Snyk Orb will evaluate the Terraform files according to the new severity levels.
Configuring the Snyk Organization used by the Snyk Orb
The Snyk Orb output identifies which Snyk Org is used for evaluating security rules.
Snyk Org used by the Orb
If you want to use the rules from a different Org, add the --org option to the Orb's args parameter.
The Snyk Orb evaluates severity levels for the Org for which the SNYK_TOKEN was created. If you specify a different Org, the token must have access to that Org.
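The two settings discussed above (breaking the build only on High severity issues, and evaluating against a different Org) are shown together in the CircleCI config below. It is an added example, not the configuration from the original article. The orb version, job name, executor image and Org slug are placeholders or assumptions.

```yaml
version: 2.1

orbs:
  # Placeholder version: pin the Snyk orb release you actually use.
  snyk: snyk/snyk@x.y.z

jobs:
  scan_terraform:                  # hypothetical job name
    docker:
      - image: cimg/base:stable    # assumed executor image
    steps:
      - checkout
      - snyk/scan-iac:
          # Fail the step only for issues at or above this severity.
          # Medium and Low findings are reported but do not break the build.
          severity-threshold: high
          # Evaluate the Terraform files with another Org's rule severities.
          # The token in SNYK_TOKEN must have access to this Org.
          args: --org=my-other-org   # placeholder Org slug

workflows:
  iac_scan:
    jobs:
      - scan_terraform
```

Because rule severities are adjusted per Org in the Snyk UI, changing the --org value can change which findings reach the High threshold without any change to the Terraform files.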