.snyk
policy file can be used to exclude resources from being considered IaC drift by snyk iac describe
. See the .snyk
policy file doc for more general information..snyk
. If you have more complex requirements, consider using filter rules. For more information see Filter results..snyk
file in the directory where you launch the snyk iac describe
command, typically the root of your IaC repo.resource_type.resource_id
, where resource_id
is a wildcard to exclude all resources of a given typeresource_type.resource_id.path.to.field_name
, where resource_id
is a wildcard to ignore a drift on given field for a given type and path
can also contain wildcards..snyk
policy file also supports negation of rules. This allows you to ignore everything except certain types. In this example, only S3 buckets will not be ignored:.snyk
file, snyk iac describe
ignores this resource.snyk iac update-exclude-policy --help.
.snyk
policy file, adding all the detected drifts to it, in order to ignore them all.