We normally recommend that you don’t ignore vulnerabilities unless there are no fixes available. However if you don’t want to fix a vulnerability, and would like to ignore it, there are a few ways you can do this.
For npm projects you can use snyk wizard to ignore the vulnerability for 30 days, adding a reason why. Note that for npm projects, Snyk does not test devDependencies by default.
For all projects (including Ruby projects), you can ignore the vulnerability by creating a .snykYAML file in the root of your project with the following format:
For example, if you wanted to ignore the vulnerability with SNYK ID SNYK-RUBY-FASTREADER-20085 in fastreader, with the reason “No remediation available” until 01 Jan 2017, you would write:
Comments
0 comments
Please sign in to leave a comment.