Introduction to policies
Snyk policies currently only apply to Snyk Open Source scans.
Snyk Policies contain rules defining how Snyk behaves when encountering certain types of issues. With policies, you can identify types of issues based on conditions (such as "no exploit available"), then apply actions to these issues (such as changing the severity).
Policies give you a quick and automated way to identify and triage issues that are not important or relevant to your application development. This saves valuable development time, and allows developers to take more responsibility and ownership for security, reducing the "noise" level.
Policies help prioritize which issues to address, and can ensure vulnerable or non-compliant components do not slip through the cracks. Policies are part of your company’s governance framework.
Snyk policies include:
- Security policies: define Snyk behavior for treating vulnerabilities. For example, to change severity levels or ignore issues.
- License policies: define Snyk behavior for treating license issues. For example, to allow or disallow packages with certain license types, to avoid using packages containing incompatible licenses.
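The condition-then-action model described above, as an added illustration that is not Snyk's own code or policy format: a toy evaluator in Python with one hypothetical security rule (downgrade vulnerabilities with no known exploit) and two hypothetical license rules (disallow copyleft, allow permissive), run over constructed sample issues. The `Issue` shape, rule names and package names are all assumptions made for the example.

```python
from dataclasses import dataclass, replace

SEVERITIES = ["low", "medium", "high", "critical"]

@dataclass
class Issue:
    # Constructed, hypothetical shape of one finding from a dependency scan.
    package: str
    kind: str                   # "vulnerability" or "license"
    severity: str               # one of SEVERITIES
    exploit_maturity: str = ""  # e.g. "no known exploit", "mature"
    license: str = ""
    ignored: bool = False
    reason: str = ""

def lower_severity(issue, reason):
    # Drop severity one step, never below "low".
    idx = max(SEVERITIES.index(issue.severity) - 1, 0)
    return replace(issue, severity=SEVERITIES[idx], reason=reason)
# A rule is (name, condition, action): condition tests an issue, action returns a rewritten copy.
SECURITY_POLICY = [
    ("downgrade-when-no-exploit",
     lambda i: i.kind == "vulnerability" and i.exploit_maturity == "no known exploit",
     lambda i: lower_severity(i, "no exploit available")),
]
LICENSE_POLICY = [
    ("disallow-copyleft",
     lambda i: i.kind == "license" and i.license in {"GPL-3.0", "AGPL-3.0"},
     lambda i: replace(i, severity="high", reason="disallowed license")),
    ("allow-permissive",
     lambda i: i.kind == "license" and i.license in {"MIT", "Apache-2.0"},
     lambda i: replace(i, ignored=True, reason="permissive license allowed")),
]

def apply_policies(issues, rules):
    # Matching rules fire in list order; issues no rule matches pass through unchanged.
    triaged = []
    for issue in issues:
        for _name, condition, action in rules:
            if condition(issue):
                issue = action(issue)
        triaged.append(issue)
    return triaged

SAMPLE_ISSUES = [  # constructed sample scan results; package names are placeholders
    Issue("pkg-a", "vulnerability", "high", exploit_maturity="no known exploit"),
    Issue("pkg-b", "vulnerability", "high", exploit_maturity="mature"),
    Issue("pkg-c", "license", "medium", license="GPL-3.0"),
    Issue("pkg-d", "license", "medium", license="MIT"),
]
```

Running `apply_policies(SAMPLE_ISSUES, SECURITY_POLICY + LICENSE_POLICY)` leaves the mature-exploit vulnerability at high, downgrades the one with no known exploit, raises the copyleft license issue and marks the permissive one as ignored.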
Different applications may need different policies applied; mission-critical applications will likely need more control than internal applications in a sandbox environment.
You can enable this control by applying policies to: