Ignore vulnerabilities using the Snyk CLI
For Snyk Open Source, these options work by default.
For Snyk Container, these options also work, but after registering an ignore, when you call snyk test
or snyk monitor
, you must use the --policy-path=
option, for example: snyk container test node --policy-path=.snyk.
For Snyk Infrastructure as Code, see IaC ignores using the snyk policy file.
For Snyk Code, see Excluding directories and files from the Snyk Code CLI test.
Sometimes, Snyk alerts you to a vulnerability that has no update or Snyk patch available, or that you do not believe to be currently exploitable in your application. When this happens you may want to tell Snyk to ignore the vulnerability for a certain period of time.
You can ignore a specific vulnerability in a project using the snyk ignore
command.
snyk ignore --id=<ISSUE_ID> [--expiry=<EXPIRY>] [--reason=<REASON>] [--policy-path=<PATH_TO_POLICY_FILE>] [<OPTIONS>]
The snyk ignore
command updates the .snyk
file and supports the following options:
OPTION | DESCRIPTION | DEFAULT | REQUIRED |
| The Snyk ID for the issue to ignore. Found by running Example: For the vulnerability found at https://security.snyk.io/vuln/SNYK-DEBIAN10-NODETOUGHCOOKIE-5759362, the Snyk ID is: | None | Yes |
| 30 days | No | |
| Human-readable <REASON> to ignore this issue. Example: | None | No |
| Path to a .snyk policy file to pass manually. | None | No |
| Path to resource for which to ignore the issue. Example: | All | No |
Last updated