From d36e1615f9bbcf98ba2a47d0172a8caa9e43bfef Mon Sep 17 00:00:00 2001
From: robwlundy <83795676+robwlundy@users.noreply.github.com>
Date: Thu, 16 Dec 2021 18:51:13 -0500
Subject: [PATCH 1/4] Update pom.xml
---
pom.xml | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/pom.xml b/pom.xml
index eb17410c8..d42be2021 100644
--- a/pom.xml
+++ b/pom.xml
@@ -31,6 +31,11 @@
jasypt
1.9.2
+
+ org.apache.logging.log4j
+ log4j-api
+ 2.16.0
+
com.github.ulisesbocchio
jasypt-spring-boot-starter
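Review bot: Only `log4j-api` is declared in this added dependency, but the JNDI lookup code covered by the December 2021 Log4j advisories ships in `log4j-core`, so this entry alone does not decide which core version lands on the classpath. If the intent is to control the Log4j version, manage both artifacts together in `<dependencyManagement>`. If the project inherits Spring Boot's dependency management (the `jasypt-spring-boot-starter` entry suggests so, but the parent is not visible here), set the `log4j2.version` property instead. Confirm the resolved versions with `mvn dependency:tree -Dincludes=org.apache.logging.log4j`. The enclosing dependencies section starts and ends outside this hunk.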
From ae93db4d0a61694a7f307a7a50b571f7d19e8c59 Mon Sep 17 00:00:00 2001
From: robwlundy <83795676+robwlundy@users.noreply.github.com>
Date: Thu, 16 Dec 2021 18:52:22 -0500
Subject: [PATCH 2/4] Update shiftleft.yml
---
.github/workflows/shiftleft.yml | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/.github/workflows/shiftleft.yml b/.github/workflows/shiftleft.yml
index 79695c970..b48bc6213 100644
--- a/.github/workflows/shiftleft.yml
+++ b/.github/workflows/shiftleft.yml
@@ -32,7 +32,7 @@ jobs:
run: echo "##[set-output name=branch;]$(echo ${GITHUB_REF#refs/heads/})"
id: extract_branch
- name: NextGen Static Analysis
- run: ${GITHUB_WORKSPACE}/sl analyze --wait --app shiftleft-java-demo --tag branch=${{ github.head_ref || steps.extract_branch.outputs.branch }} --vcs-prefix-correction "io/shiftleft=src/main/java/" --java --cpg target/hello-shiftleft-0.0.1.jar
+ run: ${GITHUB_WORKSPACE}/sl analyze --wait --app shiftleft-java-l4 --tag branch=${{ github.head_ref || steps.extract_branch.outputs.branch }} --vcs-prefix-correction "io/shiftleft=src/main/java/" --java --cpg target/hello-shiftleft-0.0.1.jar
env:
SHIFTLEFT_ACCESS_TOKEN: ${{ secrets.SHIFTLEFT_ACCESS_TOKEN }}
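Review bot: The rewritten `run:` line still expands `${{ github.head_ref || steps.extract_branch.outputs.branch }}` directly into the shell command, so the branch name is parsed as shell text in a step that holds `SHIFTLEFT_ACCESS_TOKEN`. On pull requests `github.head_ref` is chosen by the contributor, so it should reach the script as data. Add `BRANCH: ${{ github.head_ref || steps.extract_branch.outputs.branch }}` under this step's `env:` and use `--tag "branch=${BRANCH}"` in the command. The workflow triggers are outside this hunk, so whether fork pull requests can reach this step cannot be confirmed from here.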
@@ -56,4 +56,4 @@ jobs:
env:
SHIFTLEFT_ACCESS_TOKEN: ${{ secrets.SHIFTLEFT_ACCESS_TOKEN }}
-
\ No newline at end of file
+
From 5db76b33059d85214505b46d98f91318cf8aab79 Mon Sep 17 00:00:00 2001
From: robwlundy <83795676+robwlundy@users.noreply.github.com>
Date: Thu, 16 Dec 2021 19:00:52 -0500
Subject: [PATCH 3/4] Update pom.xml
---
pom.xml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/pom.xml b/pom.xml
index d42be2021..1cce22ff0 100644
--- a/pom.xml
+++ b/pom.xml
@@ -34,7 +34,7 @@
org.apache.logging.log4j
log4j-api
- 2.16.0
+ 2.14.0
com.github.ulisesbocchio
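Review bot: The move of `log4j-api` from 2.16.0 back to 2.14.0 is undocumented and pins a release that predates the Log4j JNDI lookup fixes. If this is a deliberate fixture for exercising the scanner (the workflow analyzes a demo app and a later patch adds an `oss_vuln` rule), say so next to the dependency, e.g. `<!-- intentionally outdated: fixture for SCA detection, do not copy into real services -->`, and keep the artifact out of anything deployed. If it is not deliberate, restore a patched version. The rest of the dependency list is outside this hunk.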
From 65c79dd7a116906c5c66214450bae4b773e7d3bb Mon Sep 17 00:00:00 2001
From: robwlundy <83795676+robwlundy@users.noreply.github.com>
Date: Tue, 25 Jan 2022 11:03:21 -0500
Subject: [PATCH 4/4] Update shiftleft.yml
---
shiftleft.yml | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/shiftleft.yml b/shiftleft.yml
index 220d4baf4..941a13288 100644
--- a/shiftleft.yml
+++ b/shiftleft.yml
@@ -9,4 +9,9 @@ build_rules:
- SEVERITY_MEDIUM_IMPACT
- SEVERITY_HIGH_IMPACT
- SEVERITY_LOW_IMPACT
- threshold: 0
\ No newline at end of file
+ threshold: 0
+ - id: reachable-oss-vuln
+ finding_types: [oss_vuln]
+ options:
+ reachable: true
+ num_findings: 10
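Review bot: The new `reachable-oss-vuln` rule sets `num_findings: 10` under `options` but has no `threshold`, unlike the rule above it, which ends with `threshold: 0`. A reader cannot tell from the file whether 10 is a tolerance or only a display limit, nor what the build does when reachable findings exist. If the gate should fail on any reachable OSS vulnerability, state `threshold: 0` on this rule too, and add a comment such as `# num_findings limits how many findings are reported, not how many are allowed`, after checking that meaning against the tool's documentation. The rule also has no severity filter, which may be intended but is worth stating in a comment.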