Excluding directories and files from the import process
When you import a repository to be tested by Snyk Code, you can exclude certain directories and files from the import by using the .snyk file. The .snyk file is a YAML policy file that can contain shell matching patterns (regular expressions), which allow you to specify the directories and files you want to exclude from the import process. The .snyk file should be created in the repository you intend to import.
- In Snyk Code, the .snyk file can only be used to exclude directories and files from import. It cannot be used to ignore vulnerabilities or for any other action (as in other Snyk products).
- Currently, the Exclude option in the .snyk file applies only to the Snyk Web UI and CLI Environments. The Exclude option cannot be used when working with Snyk Code in an IDE environment.
- In certain situations, your excluded files may not be excluded if there is an invalid .snyk file. In these situations, the scan continues without the .snyk file.
You can also use the instructions in this section to exclude directories and files from the Snyk Code CLI test, by creating the .snyk file in your tested repository.
The Exclusion Syntax of the .snyk File
Use the following syntax to exclude files and directories via the .snyk file:
.snyk file:
# Snyk (https://snyk.io) policy file
exclude:
    # Use either "global" or "code". "global" currently applies only to the Snyk Code product, and it will exclude the specified directories and files from these tests; "code" applies only to the Snyk Code analysis.
    global:
        # Exclude a single file. For example, - test.spec.js
        - file_name.ext
        # Exclude a single directory. For example, - src/lib
        - source/directory_name
        # Exclude any file with a specific extension in the specific directory. For example, - tests/*.js
        - directory_name/*.ext
        # Exclude files with a specific ending in any directory. For example, - "**/*.spec.js"
        - "**/*.ending.ext"
        # Exclude files in directories that have the same name with a different ending, like "test" and "tests". The last character before the question mark is optional. For example, - tests?/
        - directory_name?/
        # Exclude all files and directories in a specific directory. For example, - tests/**
        - directory_name/**
Considerations
- The path in the rule should be relative to the .snyk file location.
- All rules must have a preceding dash to be valid: - <Exclusion_rule>
- Any rule beginning with an asterisk must be wrapped in quotes. For example: - "*/src"
- Indentations – When using the syntax in the .snyk YAML file, pay careful attention to new lines and their indentation. Using the wrong indentation will prevent the execution of your excluding specification.
- Do NOT use tabs for indentation. Use only spaces for indentation.
- To verify that you are using the syntax correctly, you can use a YAML Validator, like the YAML Lint. Be aware that some YAML Validators do not differentiate between the use of tabs and spaces for indentation. If you use tabs, a Validator may approve the syntax, but the exclude specifications will not be executed.
- For more information on the syntax of shell matching patterns, see, for example, GNU Org - Shell Pattern Matching.
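Because an invalid .snyk file leaves the scan running without the exclusions, and a generic YAML validator may accept tab indentation, it helps to check the file for the pitfalls listed above before committing it. The following is an added example, not Snyk's own code: a line-based approximation of those considerations, with a hypothetical function name and a constructed sample file.

```python
# Added example: line-based lint for the "exclude" section of a .snyk file.
# It approximates the Considerations above; it is not Snyk's own parser.
SECTIONS = ("global:", "code:")  # the two keys the page allows under "exclude:"

def lint_snyk_exclude(text):
    """Return (line_number, message) findings; an empty list means clean."""
    findings, rules = [], 0
    in_exclude = in_section = False
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        indent = raw[:len(raw) - len(raw.lstrip())]
        if "\t" in indent:
            findings.append((n, "tab used for indentation; use spaces only"))
        if not line or line.startswith("#"):
            continue  # blank lines and comments carry no rules
        if not indent:  # a top-level key opens or closes the exclude block
            in_exclude, in_section = (line == "exclude:"), False
        elif not in_exclude:
            continue  # other policy sections are out of scope here
        elif line in SECTIONS:
            in_section = True
        elif not in_section:
            findings.append((n, "rule is not under 'global:' or 'code:'"))
        elif not line.startswith("- "):
            findings.append((n, "rule has no preceding dash"))
        else:
            rules += 1
            if line[2:].lstrip().startswith("*"):
                findings.append((n, "rule starts with '*' but is not quoted"))
    if rules == 0:
        findings.append((0, "no exclusion rules found under exclude:"))
    return findings

# Constructed sample: lines 5, 6 and 7 each break one consideration.
SAMPLE = (
    "# Snyk (https://snyk.io) policy file\n"
    "exclude:\n"
    "  global:\n"
    "    - todolist-goof/**\n"
    "    - **/*.spec.js\n"
    "\t- tests?/\n"
    "    src/lib\n"
    '    - "**/*.test.js"\n'
)

if __name__ == "__main__":
    for line_no, message in lint_snyk_exclude(SAMPLE):
        print(f".snyk:{line_no}: {message}")
```

Run as a pre-commit or CI step, a non-empty result flags a file whose exclusions may not take effect as written.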
 
Using the .snyk File to exclude directories and files from import
To exclude directories and files from the import process using the .snyk file:
1. On the repository you want to import, create a YAML file called “.snyk”.
2. In the .snyk file, specify the directories and/or files you want to exclude from import according to the following syntax:
# Snyk (https://snyk.io) policy file
exclude:
 global:
   - <Exclusion_rule>
   - <Exclusion_rule>
For example:
# Snyk (https://snyk.io) policy file
exclude:
 global:
   - todolist-goof/**
3. From the Snyk Web UI, import your repository in one of the following ways:
- If the repository was already imported to Snyk – retest the repository as follows: On the Projects page, click the Code analysis Project of the repository. Then, on the Code Analysis page, click the Retest now option below the header.
- If the repository was not imported yet to Snyk – import the repository. 
Your repository is imported to Snyk, without the directories and/or files you selected to exclude.
Example: Excluding 2 files from the Snyk Code analysis
We have a repository called “snyk-goof”, which we want to test for vulnerabilities using Snyk Code. After importing this repository to Snyk, we get a list of 10 detected vulnerability issues, which were found in 3 files:

Now we want to exclude the app.js and db.js files from the Snyk Code analysis. To achieve that, we perform the following:
1. We create a .snyk file in the snyk-goof repository in GitHub:

2. In the .snyk file, we enter the following commands to exclude the app.js and db.js files from the import:

3. We retest the snyk-goof repository, by clicking the Retest now option on the Code Analysis page of the repository:
The app.js and db.js files are excluded from the retest, and therefore are not tested by Snyk Code. For this reason, they do not appear in the Code Analysis results, and now only 5 vulnerability issues are detected:


