Ignore vulnerabilities using Snyk CLI
For Snyk Open Source, these commands work by default. For Snyk Container, these commands also work, but after registering an ignore, when you call snyk test or snyk monitor, you must use the --policy-path= argument: for example: snyk container test node --policy-path=.snyk For Snyk Infrastructure as Code, see IaC ignores using the snyk policy file. For Snyk Code, these commands are not yet implemented.
Sometimes, Snyk may alert you to a vulnerability that has no update or Snyk patch available, or that you do not believe to be currently exploitable in your application. In this case, you may want to tell Snyk to ignore the vulnerability for a certain period of time.
You can ignore a specific vulnerability in a project, using snyk ignore:
1
snyk ignore --id=IssueID [--expiry=expiry] [--reason='reason for ignoring']
Copied!
Options
snyk ignore accepts three options:
OPTION
DESCRIPTION
DEFAULT
REQUIRED
--id
The Snyk ID for the issue to ignore. Found by running snyk test and grabbing the last segment of the URL for a given vulnerability.
Example: For the vulnerability found at https://snyk.io/vuln/npm:tough-cookie:20160722, you
would use:
--id=npm:tough-cookie:20160722
None
Yes
--expiry
The expiry date string, according to RFC2822.
Example: --expiry=2017-04-30
30 days
No
--reason
The reason for ignoring the issue.
Example: --reason='Not currently exploitable.'
None given
No
Last modified 2mo ago
Export as PDF
Copy link
Edit on GitHub