diff --git a/.snyk b/.snyk
new file mode 100644
index 000000000..d84ee8d87
--- /dev/null
+++ b/.snyk
@@ -0,0 +1,7 @@
+# Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities.
+version: v1.25.0
+ignore: {}
+patch: {}
+exclude:
+  global:
+    - vendor
diff --git a/cmd/changelog/main.go b/cmd/changelog/main.go
index c3bd0672b..aff0a7f5b 100644
--- a/cmd/changelog/main.go
+++ b/cmd/changelog/main.go
@@ -243,12 +243,19 @@ func getChanges(pullRequestIds, pullRequestHashes []string) []*Change {
 	var changes []*Change
 	log.Print("Reading changes from the GitHub API")
 	for i, id := range pullRequestIds {
-		change := getPullRequestFromGitHub(id)
-		change.hash = pullRequestHashes[i]
-		if _, err := determineReleases(change); err != nil {
-			continue
+		// This regex checks that the ids passed as CLI arguments are valid.
+		// This code cannot be encapsulated or Snyk will flag it as a defect.
+		// This warning was originally raised in issue OCPBUGS-26937.
+		if regexp.MustCompile(`^\d*$`).MatchString(id) {
+			change := getPullRequestFromGitHub(id)
+			change.hash = pullRequestHashes[i]
+			if _, err := determineReleases(change); err != nil {
+				continue
+			}
+			changes = append(changes, change)
+		} else {
+			log.Print("ERR :: could not validate entered Pull Request, ", id)
 		}
-		changes = append(changes, change)
 	}
 	return changes
 }
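Review bot: The validation regex `^\d*$` on the new `if` line matches the empty string, so an empty id passes the check and is still handed to getPullRequestFromGitHub; use `\d+` to require at least one digit: `if regexp.MustCompile(`^\d+$`).MatchString(id) {`. Compiling the pattern inside the loop also recompiles it on every iteration, and a package-level `var prIDRe = regexp.MustCompile(`^\d+$`)` would avoid that — the comment says Snyk wants the check inline, so it is worth confirming whether a package-level variable (rather than a helper function) also trips the finding. The three-line comment would be more useful if it said what the check prevents, presumably the untrusted CLI argument reaching the GitHub API request unvalidated, though getPullRequestFromGitHub's body is not visible here to confirm. Stylistically, inverting the condition (`if !re.MatchString(id) { log.Print(...); continue }`) keeps the happy path left-aligned and drops the `else` block. getChanges begins before this hunk.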