iac testcommand, you can ignore issues that are not relevant for you by using the
.snykpolicy file. Snyk recommends that you store and version the
.snykfile in the root of the working directory where you store your IaC configuration files.
.snykfile are ignored.
.snykfile and ignores created in the Snyk UI are not synchronized.
snyk iac testagainst a directory, either by passing in one or more directories or using the default argument of the current working directory, the Snyk CLI looks for a file named
.snykin each of those directories.
*object key causes the CLI to ignore all instances of the
SNYK-CC-K8S-1vulnerability. You can add multiple entries, keyed by the IaC issue ID, to ignore multiple vulnerabilities.
*to the path of that single file relative to the directory being tested that contains the
ignorecommand in the Snyk CLI or manually modifying the
SNYK-CC-K8S-1ID in two specific files:
.snykpolicy file as follows:
snyk iac test, and add it to the file path.
.snykpolicy file for each test. For example, the command
snyk iac test dir1/ dir2/loads
dir2/.snyk, but if the file
dir1/foo/bar/.snykexists, the CLI does not load it.
snyk iac test, the CLI loads
$PWD/.snyk. One common pattern is to use a single
.snykpolicy file per repository, in the root of that repository.
--policy-path=..., which overrides the location of
.snykpolicy files. The path can either be a directory containing a file named
.snykor the path to a file named
.snyk. The name of the policy file must be
snyk iac testis a file rather than a directory. In this case,
--policy-pathmust be specified in order to load policies.
--ignore-policy, which causes any found
.snykpolicy files to be ignored.