fix: adding .safety-policy.json to ignore the vulnerabilities related to version upgrade found for black and boto3 versions, as their versions have already been upgraded; fixing argument types for ignore

Author: nshalabh

.safety-policy.json

@@ -0,0 +1,14 @@
+{
+  "security": {
+    "ignore-vulnerabilities": [
+      {
+        "vulnerability-id": "66742",
+        "reason": "Black version updated to ^24.0.0 in pyproject.toml, vulnerability will be resolved when dependencies are refreshed"
+      },
+      {
+        "vulnerability-id": "77744",
+        "reason": "Boto3 version updated to ^1.35.0 in pyproject.toml, urllib3 vulnerability will be resolved when dependencies are refreshed"
+      }
+    ]
+  }
+}

aws_sra_examples/solutions/genai/bedrock_org/lambda/rules/sra_bedrock_check_kb_ingestion_encryption/app.py

@@ -146,6 +146,6 @@ def lambda_handler(event: dict, context: Any) -> None:  # noqa: U100
     LOGGER.info(f"Compliance evaluation result: {compliance_type}")
     LOGGER.info(f"Annotation: {annotation}")
 
-    config_client.put_evaluations(Evaluations=[evaluation], ResultToken=event["resultToken"])  # type: ignore[arg-type]
+    config_client.put_evaluations(Evaluations=[evaluation], ResultToken=event["resultToken"])  # type: ignore
 
     LOGGER.info("Compliance evaluation complete.")

aws_sra_examples/solutions/genai/bedrock_org/lambda/rules/sra_bedrock_check_kb_s3_bucket/app.py

@@ -280,6 +280,6 @@ def lambda_handler(event: dict, context: Any) -> None:  # noqa: U100
     LOGGER.info(f"Compliance evaluation result: {compliance_type}")
     LOGGER.info(f"Annotation: {annotation}")
 
-    config_client.put_evaluations(Evaluations=[evaluation], ResultToken=event["resultToken"])  # type: ignore[arg-type]
+    config_client.put_evaluations(Evaluations=[evaluation], ResultToken=event["resultToken"])  # type: ignore[list-item]
 
     LOGGER.info("Compliance evaluation complete.")