We normally recommend that you don’t ignore vulnerabilities unless there are no fixes available. However, if you don’t want to fix a vulnerability and would like to ignore it, there are a few ways to do this.
From the UI
From the project, find the vulnerability you want to ignore and click the "Ignore" button, then select the reason, enter a custom message (optional) and select how long to ignore the vulnerability for.
From the CLI
For CLI projects you can use `snyk ignore` to ignore vulnerabilities by their ID. Review the full documentation here.
For npm projects you can use `snyk wizard` to ignore the vulnerability for 30 days, adding a reason why. Note that for npm projects, Snyk does not test `devDependencies` by default.
For all projects (including Ruby projects), you can ignore the vulnerability by creating a `.snyk` YAML file in the root of your project with the following format:
For example, if you wanted to ignore the vulnerability with SNYK ID SNYK-RUBY-FASTREADER-20085 in `fastreader`, with the reason “No remediation available” until 01 Jan 2017, you would write:
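A policy file for this case, given as an added example rather than the original page's own listing. It assumes the `.snyk` layout written by the Snyk CLI (an `ignore` map keyed by vulnerability ID, then by dependency path, carrying `reason` and `expires`); the `version` value and the `'*'` path are assumptions.

```yaml
# .snyk, placed in the project root (added example, not from the original page)
# Schema version as written by the Snyk CLI (assumed value).
version: v1.5.0
ignore:
  # Key: the Snyk vulnerability ID from the example above.
  SNYK-RUBY-FASTREADER-20085:
    # '*' applies the ignore to every dependency path that pulls in
    # fastreader (assumed). A specific path, written parent > child,
    # limits the ignore to that one route into the dependency tree.
    - '*':
        # Recorded justification, shown alongside the ignored issue.
        reason: No remediation available
        # After this timestamp the ignore lapses and the vulnerability
        # is reported again, which forces a re-check for a fix.
        expires: '2017-01-01T00:00:00.000Z'
```

Keeping `expires` short and committing the file to version control means every ignore is reviewed in code review and comes back up for reassessment instead of silently persisting.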