Policies
Feature availability
This feature is available to Enterprise customers. See pricing plans for more details.
Snyk policies apply only to Snyk Open Source scans.
Snyk policies contain rules that define how Snyk behaves when it encounters specific types of issues. A policy identifies issues by conditions, such as "no exploit available", and then applies actions to them, such as changing the severity. Customizable policies therefore let you define how specific types of issues found in scanning are handled.
Snyk Policy manager
The .snyk file is a policy file that Snyk uses to define certain analysis behaviors and to specify patches for the CLI and CI/CD plugins. See The .snyk file for details.

Policies give you a quick, automated way to identify and triage issues that are irrelevant to or unimportant in your application development. This reduces noise, saves development time, and lets developers take more responsibility for and ownership of security.
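As an added example, not taken from this page or from Snyk's own documentation, here is a minimal .snyk file that ignores one issue with a stated reason and an expiry date, and excludes a directory from analysis. The issue ID, dependency path, dates and reason are hypothetical placeholders.

```yaml
# Added example .snyk policy file (not from the page or a real project).
# The issue ID, path, dates and reason below are hypothetical placeholders.
version: v1.25.0

# Ignore rules: each key is a Snyk issue ID; each list entry is a dependency
# path ('*' matches any path) with the reason for ignoring and an expiry.
ignore:
  SNYK-JS-EXAMPLEPKG-0000000:                 # hypothetical issue ID
    - 'example-app > example-pkg':            # hypothetical dependency path
        reason: 'Vulnerable function is not reachable from this service; no exploit available'
        created: 2024-01-15T00:00:00.000Z
        expires: 2024-04-15T00:00:00.000Z     # ignore stops applying after this date

# Paths excluded from analysis (hypothetical directory).
exclude:
  global:
    - test-fixtures/**

# Snyk-provided patches to apply at install time; none in this example.
patch: {}
```

The expires field is the check a practitioner wants: an ignore without an expiry silently outlives the reason it was created for and removes the issue from reports indefinitely. With an expiry, Snyk reports the issue again once the date passes, which forces a re-triage rather than a permanent blind spot.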
Policies help prioritize issues to address and can ensure vulnerable or non-compliant components do not escape notice. Policies are part of the governance framework of your company.
Snyk has security and license policies.
- Security policies define Snyk behavior in treating vulnerabilities, for example, by severity level or by which issues are ignored.
- License policies define Snyk behavior in treating license issues, such as allowing or disallowing packages with certain license types and avoiding the use of packages containing incompatible licenses.
Different applications may need to be scanned according to different policies. Mission-critical applications are likely to need more control than internal applications in a sandbox environment. You can establish the needed control by assigning policies to: