Ignore vulnerabilities using the Snyk CLI
For Snyk Open Source, these options work by default.
For Snyk Container, these options also work, but after registering an ignore, when you call snyk test or snyk monitor, you must use the --policy-path= option, for example: snyk container test node --policy-path=.snyk.
For Snyk Infrastructure as Code, see IaC ignores using the snyk policy file.
For Snyk Code, see Excluding directories and files from the Snyk Code CLI test.
Sometimes, Snyk alerts you to a vulnerability that has no update or Snyk patch available, or that you do not believe to be currently exploitable in your application. When this happens you may want to tell Snyk to ignore the vulnerability for a certain period of time.
You can ignore a specific vulnerability in a project using the snyk ignore command:
snyk ignore --id=<ISSUE_ID> [--expiry=<EXPIRY>] [--reason=<REASON>] [--policy-path=<PATH_TO_POLICY_FILE>] [<OPTIONS>]
The snyk ignore command updates the .snyk file and supports the following options:
| OPTION | DESCRIPTION | DEFAULT | REQUIRED |
| --- | --- | --- | --- |
| --id | The Snyk ID for the issue to ignore. Found by running snyk test and grabbing the last segment of the URL for a given vulnerability. Example: For the vulnerability found at https://security.snyk.io/vuln/SNYK-DEBIAN10-NODETOUGHCOOKIE-5759362, the Snyk ID is: | None | Yes |
| --expiry | | 30 days | No |
| --reason | Human-readable <REASON> to ignore this issue. Example: reason='Not currently exploitable'. | None | No |
| --policy-path=<PATH_TO_POLICY_FILE> | Path to a .snyk policy file to pass manually. | None | No |
| --path | Path to resource for which to ignore the issue. Example: path='tough-cookie@2.15.8' | All | No |
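A guarded wrapper around the command above, as an added example rather than Snyk's own code: it takes the issue ID from the last segment of a vulnerability URL, refuses an ignore without a reason, and caps the expiry. MAX_DAYS, SNYK_BIN and the function names are hypothetical, and passing --expiry as a YYYY-MM-DD date is an assumption this page does not state.

```sh
#!/bin/sh
# Added example, not Snyk's code: guard rails around `snyk ignore`.
# Assumptions: MAX_DAYS is a local policy choice; --expiry takes YYYY-MM-DD.
MAX_DAYS=30                  # hypothetical cap, equal to the CLI default
SNYK_BIN=${SNYK_BIN:-snyk}   # set SNYK_BIN=echo for a dry run

# issue_id URL_OR_ID: print the Snyk ID (last URL segment, or the bare ID).
issue_id() (
  ref=$1
  case $ref in
    http://*|https://*) ref=${ref%%[?#]*}; ref=${ref%/}; ref=${ref##*/} ;;
  esac
  case $ref in
    ''|*[[:space:]]*) echo "no usable issue ID in '$1'" >&2; exit 1 ;;
  esac
  printf '%s\n' "$ref"
)

# expiry_date DAYS: print today + DAYS (UTC) as YYYY-MM-DD, 1..MAX_DAYS only.
expiry_date() (
  case $1 in
    ''|0*|*[!0-9]*|????*) echo "expiry must be 1..$MAX_DAYS days" >&2; exit 1 ;;
  esac
  [ "$1" -le "$MAX_DAYS" ] || { echo "expiry must be 1..$MAX_DAYS days" >&2; exit 1; }
  ts=$(( $(date -u +%s) + $1 * 86400 ))
  # GNU/busybox date first, BSD/macOS date as the fallback.
  date -u -d "@$ts" +%Y-%m-%d 2>/dev/null || date -u -r "$ts" +%Y-%m-%d
)

# safe_ignore URL_OR_ID DAYS REASON [POLICY_PATH]: run snyk ignore only when
# the ignore carries a real reason and a bounded expiry.
safe_ignore() (
  id=$(issue_id "$1") || exit 1
  expiry=$(expiry_date "$2") || exit 1
  case $3 in
    *[![:space:]]*) ;;
    *) echo "a non-empty --reason is required" >&2; exit 1 ;;
  esac
  "$SNYK_BIN" ignore --id="$id" --expiry="$expiry" --reason="$3" \
    --policy-path="${4:-.snyk}"
)

# Dry run: SNYK_BIN=echo; safe_ignore <vulnerability URL> 14 'Not currently exploitable'
```

For Snyk Container, pass the same policy file to later scans, as in this page's snyk container test node --policy-path=.snyk.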