diff --git a/.github/workflows/shiftleft.yml b/.github/workflows/shiftleft.yml
index 79695c970..b48bc6213 100644
--- a/.github/workflows/shiftleft.yml
+++ b/.github/workflows/shiftleft.yml
@@ -32,7 +32,7 @@ jobs:
run: echo "##[set-output name=branch;]$(echo ${GITHUB_REF#refs/heads/})"
id: extract_branch
- name: NextGen Static Analysis
- run: ${GITHUB_WORKSPACE}/sl analyze --wait --app shiftleft-java-demo --tag branch=${{ github.head_ref || steps.extract_branch.outputs.branch }} --vcs-prefix-correction "io/shiftleft=src/main/java/" --java --cpg target/hello-shiftleft-0.0.1.jar
+ run: ${GITHUB_WORKSPACE}/sl analyze --wait --app shiftleft-java-l4 --tag branch=${{ github.head_ref || steps.extract_branch.outputs.branch }} --vcs-prefix-correction "io/shiftleft=src/main/java/" --java --cpg target/hello-shiftleft-0.0.1.jar
env:
SHIFTLEFT_ACCESS_TOKEN: ${{ secrets.SHIFTLEFT_ACCESS_TOKEN }}
@@ -56,4 +56,4 @@ jobs:
env:
SHIFTLEFT_ACCESS_TOKEN: ${{ secrets.SHIFTLEFT_ACCESS_TOKEN }}
-
\ No newline at end of file
+
diff --git a/pom.xml b/pom.xml
index eb17410c8..1cce22ff0 100644
--- a/pom.xml
+++ b/pom.xml
@@ -31,6 +31,11 @@
jasypt
1.9.2
+
+ org.apache.logging.log4j
+ log4j-api
+ 2.14.0
+
com.github.ulisesbocchio
jasypt-spring-boot-starter
diff --git a/shiftleft.yml b/shiftleft.yml
index 220d4baf4..941a13288 100644
--- a/shiftleft.yml
+++ b/shiftleft.yml
@@ -9,4 +9,9 @@ build_rules:
- SEVERITY_MEDIUM_IMPACT
- SEVERITY_HIGH_IMPACT
- SEVERITY_LOW_IMPACT
- threshold: 0
\ No newline at end of file
+ threshold: 0
+ - id: reachable-oss-vuln
+ finding_types: [oss_vuln]
+ options:
+ reachable: true
+ num_findings: 10