The .snyk file is a policy file that Snyk uses to define certain analysis behaviors and to specify patches for the CLI and CI/CD plugins. The .snyk file is generally located at the root of your project.
The .snyk policy is used to apply ignores and other settings for the snyk test and snyk monitor commands, as well as any tests done through the API or website.
The .snyk file defines Snyk patches to be applied at build time, to resolve vulnerabilities that cannot be fixed with upgrades or that have no fixed version to upgrade to (npm and Yarn only).
The .snyk file defines ignores. Snyk uses the .snyk file for ignore rules when performing CLI and CI/CD scanning; the .snyk policy applies ignores and other settings for the snyk test and snyk monitor commands, as well as any tests run through the API or website.

If a .snyk file exists in the project, snyk test uses this file as the ignore mechanism, instead of the ignores set from the web UI. If a .snyk file is included in an SCM project, Snyk considers both the database ignores and the .snyk file ignores.
The .snyk file defines certain analysis configuration items, such as language settings and Python version. Including a .snyk file in your code repository has the advantage, when running code repository scans, of creating project-level Python settings when the language-setting value is set. You may need to re-import the project if the .snyk file was not present on the initial import of the project into Snyk.
The .snyk file can be created in a number of ways:
- When a Snyk patch is applied, a .snyk file is added to the pull request (currently Snyk patches are for npm and Yarn only).
- snyk wizard creates a .snyk policy (currently available for npm and Yarn only).
- The snyk ignore command adds rules to it (the .snyk file must already exist).
- Manually: create a .snyk file and populate it with the rules you need. Note that in order to ignore by path, manual editing is required except when snyk wizard is used.
Snyk expects the .snyk file to be relative to the manifest being analyzed. In the case of a complex project or monorepo, there may be many manifests in subfolders, and you may wish to use a centralized ignore policy.
If you have created a .snyk ignore policy in the CLI and Snyk does not successfully ignore the vulnerability, use the --policy-path option to point Snyk at the policy file explicitly:
snyk ignore --id=IssueID [--expiry=expiry] [--reason='reason for ignoring'] [--policy-path=/path/path/file]
Example .snyk file for setting analysis for the project at Python 2.7 *
Example .snyk file for setting analysis for the project at Python 3.6.2 *
* Including a .snyk file in your code repository when running code repository scans provides the added advantage of creating project-level Python language settings when the language-setting value is set.
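The two examples referenced above are not reproduced on this page; the following is an added example of a minimal .snyk file that pins the Python version used for analysis (it is not Snyk's own sample file). The version string and the policy version line are assumptions for illustration; the language-settings key and the python sub-key are the documented fields. Replacing "3.6.2" with "2.7" gives the Python 2.7 variant.

```yaml
# .snyk policy file (added example, not Snyk's own sample)
# Place this at the root of the project, next to the manifest Snyk analyzes.
version: v1.14.0   # assumed policy-format version; keep whatever your CLI writes

# Analysis configuration: tells Snyk which Python interpreter version to
# resolve requirements against. Quote the value so YAML keeps it a string
# ("2.7" would otherwise be parsed as the float 2.7).
language-settings:
  python: "3.6.2"

# Ignores and patches may sit alongside the language settings; empty maps
# are valid when there are none.
ignore: {}
patch: {}
```

If the repository was imported before this file existed, re-import the project so the project-level Python setting is picked up.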
GPL-2.0 is the only piece of the command that can be uppercase without causing an error.
The snyk policy command displays the .snyk policy for a package. The snyk ignore command modifies the .snyk policy to ignore a stated issue. Use the snyk ignore command to generate a rule to ignore the SNYK-JS-BSON-561052 vulnerability for all paths that lead to that library on disk.
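As an added example (not Snyk's generated output), this is the shape of the ignore rule that the snyk ignore command described above writes for SNYK-JS-BSON-561052, with the '*' path matching every dependency path to the vulnerable library. The reason text, expiry date and the dependency chain in the commented alternative are assumptions for illustration; the key layout (issue ID, list of path entries, reason and expires per entry) is the documented ignore format.

```yaml
# .snyk policy file (added example, not Snyk's own output)
version: v1.14.0   # assumed policy-format version

ignore:
  # Produced by:
  #   snyk ignore --id=SNYK-JS-BSON-561052 \
  #     --reason='deserialize() never called on untrusted input' \
  #     --expiry=2024-06-30
  # '*' matches all paths that lead to bson on disk.
  SNYK-JS-BSON-561052:
    - '*':
        reason: deserialize() never called on untrusted input   # assumed reason
        expires: 2024-06-30T00:00:00.000Z                       # assumed expiry

  # Path-specific alternative (manual edit only; snyk ignore cannot write it):
  # ignore the issue only along one dependency chain, so a new route to the
  # same library is still reported. The chain below is hypothetical.
  #
  #  SNYK-JS-BSON-561052:
  #    - 'mongodb > mongodb-core > bson':
  #        reason: deserialize() never called on untrusted input
  #        expires: 2024-06-30T00:00:00.000Z

patch: {}
```

Review the expires value when you commit this file: once the date passes, snyk test reports the issue again, which is the intended safety net for an ignore that was meant to be temporary. Prefer a path-specific entry over '*' whenever you only reasoned about one call path, since a wildcard silences the issue for every future route to the library.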
The .snyk file should be versioned in the code repository, like other application and build resources.