POST /workflow API used to create new workflows accepts python script under dagContent attribute. As there is no vulnerability scan done on this script presently, it poses a security concern of malicious script injection.
To temporarily handle this concern until a more robust solution is in place, the dagContent is being ignored based on
osdu.azure.airflow.ignoreDagContent value to be set in application.properties of the provider module before deploying. For ease of setting this variable, it has been made an deployment environment variable as