Create custom rules

Conditions

To run custom rules against a Project, the Project must be hosted in a repository. Custom rules have a 1:1 relationship with repositories, meaning a .snyk file must be present in every relevant repository.

If you do not have a .snyk file, create a file with the .snyk extension and paste the YAML-formatted custom rule code into it; the rules will not run until that file exists in the repository.

See also: The .snyk file

Create custom rule

You can save useful queries as custom rules and add metadata to them. Snyk uses the metadata to generate YAML-formatted code. Export that YAML content as a rule into the .snyk file of the relevant repository so it runs alongside Snyk's in-house rules in future scans.

  1. Open Snyk Web UI and go to your Group and Organization.

  2. Go to Custom rules.

  3. Write your query in the Code query panel.

  4. Configure the metadata:

    • Name: This is shown whenever the query surfaces a result.

    • Severity: Set the severity of the result based on Snyk security levels. Snyk Code uses only three severity levels: Low, Medium and High.

    • Description: Add a description of the result and why it has surfaced.

    • CWE: Link relevant CWEs.

    • Fix Analysis: Describe how the developers should address the vulnerability. You could structure the fix as general guidance or based on your organization's best practices.

Figure: Adding metadata to a saved custom rule

  5. Click Generate custom rule to create the YAML-formatted code.

  6. Export the query as a rule by copying the YAML content into the .snyk file in the relevant repository.

Figure: Exporting the query as a rule in the .snyk file
