We normally recommend that you don’t ignore vulnerabilities unless there are no fixes available. However, if you don’t want to fix a vulnerability and would like to ignore it, there are a few ways you can do this.
For npm projects you can use `snyk wizard` to ignore the vulnerability for 30 days, adding a reason why. Note that for npm projects, Snyk does not test `devDependencies` by default.
For all projects (including Ruby projects), you can ignore the vulnerability by creating a `.snyk` YAML file in the root of your project with the following format:
For example, if you wanted to ignore the vulnerability with SNYK ID SNYK-RUBY-FASTREADER-20085 in fastreader, with the reason “No remediation available” until 01 Jan 2017, you would write:
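An added example (not from the original page or from Snyk): a Ruby audit of a `.snyk` policy that reports ignore rules whose expiry date has passed or that carry no reason, so that ignored vulnerabilities get revisited. The policy layout in the sample is an assumption about the `.snyk` format, which this page does not show; `SNYK-EXAMPLE-PLACEHOLDER-1` and the function names are constructed for illustration.

```ruby
require 'yaml'
require 'time'

# Constructed sample policy. The layout (ignore -> vuln id -> list of
# path => {reason, expires}) is an assumption, not copied from this page.
SAMPLE_POLICY = <<~POLICY
  version: v1.5.0
  ignore:
    SNYK-RUBY-FASTREADER-20085:
      - fastreader:
          reason: No remediation available
          expires: '2017-01-01T00:00:00.000Z'
    SNYK-EXAMPLE-PLACEHOLDER-1:
      - '*':
          expires: '2999-01-01T00:00:00.000Z'
POLICY

# Classify one ignore rule: a rule without a reason or expiry, or with an
# expiry in the past, should be reviewed rather than silently kept.
def rule_status(meta, now)
  return :no_reason if meta['reason'].to_s.strip.empty?
  return :no_expiry if meta['expires'].nil?

  Time.parse(meta['expires'].to_s) <= now ? :expired : :ok
rescue ArgumentError
  :bad_expiry # the expires value is not a parseable timestamp
end

# Returns one hash per ignore rule: { id:, path:, status: }.
def audit_ignores(policy_text, now: Time.now.utc)
  policy = YAML.safe_load(policy_text, permitted_classes: [Time, Date]) || {}
  findings = []
  (policy['ignore'] || {}).each do |vuln_id, rules|
    next unless rules.is_a?(Array)

    rules.each do |rule|
      next unless rule.is_a?(Hash)

      rule.each do |path, meta|
        meta = {} unless meta.is_a?(Hash)
        findings << { id: vuln_id, path: path, status: rule_status(meta, now) }
      end
    end
  end
  findings
end

if __FILE__ == $PROGRAM_NAME
  text = ARGV[0] ? File.read(ARGV[0]) : SAMPLE_POLICY
  audit_ignores(text).each { |f| puts "#{f[:status]}\t#{f[:id]} (#{f[:path]})" }
end
```

Run it with the path to a `.snyk` file as the only argument; with no argument it audits the constructed sample.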