SupportSnyk LearnAPI referenceProduct updatesSign up for free

Consistent Ignores for Snyk Code FAQs

Release status

Snyk Code Consistent Ignores is in Early Access and available only with Enterprise plans. For more information, see plans and pricing.

This FAQ section addresses common concerns about the Snyk Code Consistent Identity Early Access program. You can share feedback about these items with your Snyk account team.

Snyk Code CLI Upload

Snyk Code Consistent Ignores does not support ignores for Projects associated with CLI Upload.

If you activate a Snyk Organization with Snyk Code CLI Upload Projects, ignores for any subsequent scans using snyk code test --report are not taken into account. All resulting Projects and associated issues are shown as open. Additionally, any pre-existing Project-scoped ignores will not be converted to asset-scoped ignores.

Snyk Code Consistent Ignores limitation in CLI upload

Recommendation

If you're using Snyk Code CLI Upload Projects, consider postponing Consistent Ignores enablement until these workflows are supported.

If you want to try out Snyk Code Consistent Ignores, you can enable it for Organizations that do not have Snyk Code CLI Upload Projects.

Finding identifier added to Issues API and Reporting

There are no changes to the Group and Organization level Issues API endpoints or Reporting (issue reporting).

An additional attribute containing the finding identifier will be added to these API endpoints and issue reports in the coming months. You can use this to assist you in converting from Project-scoped to asset-scoped ignores, especially at scale or if you have competing ignores across different Projects.

Bulk ignore conversion

You need to migrate pre-existing Project-scoped ignores to asset-scoped ignores manually on the Projects page.

You may be able to script some of the migration using the CLI, as the CLI output returns both the issueId value used in the v1 ignores API, and the snyk/assets/finding/v1 ID used to manage asset-scoped ignores. The bulk ignore conversion needs to be done at the repository level.

Recommendation

If you need support with the migration, reach out to your Snyk account teams or request time with Snyk product management to share feedback on what will make this process easier for you.

Support for Bitbucket Data Center/Server

When testing a Bitbucket Server repository, the ignores created are not respected across Projects imported through an SCM integration, Snyk CLI, and IDE.

Recommendation

Postpone activating Snyk Code Consistent Ignores until Bitbucket Data Center/Server is fully supported.

Ignore limitations outside my Snyk Organization

Ignores only work within the Organization where they're defined. You need to run tests in the Organization where you stored an ignore for it to be taken into account. This is also valid for Snyk IDE and CLI environments where developers work in repositories that span multiple Snyk organizations.

Depending on feedback during the Early Access period, we may offer a broader scope for ignores beyond an individual Organization.

Existing DeepCode inline ignores (legacy) are not supported or migrated

Deepcode inline ignores are a legacy feature that is only available for certain customers. If you have pre-existing Deepcode inline ignores, Snyk removes them from the test results. The results are not marked as Open or Ignored.

Recommendation

Recreate these ignores using the new Snyk Code Consistent Ignore process, either using Snyk API or through the Projects page. Reach out to your Snyk account team or Snyk product management to share feedback on what will make this process easier for you.

Repository renames may result in ignores being lost

Snyk may fail to complete testing after you rename a repository, depending on whether the underlying SCM supports redirects. If Snyk successfully runs subsequent tests (e.g., GitHub), ignores may not be applied.

Recommendation

Before renaming

Convert all ignores to apply to the entire repository (consistent ignores).

After renaming

  1. Delete all targets associated with that repository.

  2. Reimport the newly renamed repository.

Previous Consistent Ignores are applied to the newly named repository. New clones in IDEs/CLI that reference the new name take into account the ignores, even with the old git URL, in case some developers haven't updated their remote repositories.

Granular ignores

Using this feature, you can no longer apply an ignore to a single Snyk Project. This means that ignores cannot be applied to a specific branch within a single Organization.

If you have specific use cases that require this functionality, reach out to your Snyk account team or Snyk product management for feedback.

Project attribute policies

Policies defined against Project attributes will continue to work within Snyk Projects where the attributes match. The policies are not applied across the repository to other Projects or in Snyk IDE, CLI, or PR checks flows. To apply policies across Projects and branches for the same repository, define them against Organizations.

CI/CD support for snyk test --code

Most native Snyk CI/CD plugins (e.g., Jenkins, AWS Pipelines) do not support Snyk Code. As a workaround, some users have been applying the --code flag to the standard snyk test command to invoke a Snyk Code scan instead of a Snyk Open Source scan. Snyk Code Consistent Ignores does not support this workflow.

PreviousConsistent Ignores for Snyk Code Pull Request ChecksNextPrioritization for Snyk Essentials

Last updated

Was this helpful?