Certain vulnerabilities in a GitHub-originated project were ignored.
When the customer ran a scan using the CLI, the same vulnerabilities that were ignored showed up again and failed the build.
Ignores set in the UI are not duplicated in the local version of the project.
The ignores do not take effect because you created them in the project imported from GitHub, while the CLI scan runs through the CLI integration with Snyk. The Snyk app treats the local project and the project in your account as two separate projects, so the ignores work only for the GitHub tests.
If you want the ignores to be effective in the CLI, create the project from the CLI and apply the ignores in the CLI as follows:
- Go to the root of your project and run snyk monitor <path to the directory that contains the relevant package.json>, for example, snyk monitor directsource-UI.
- Go to the Snyk app; there is a new project that has the name of the project in package.json, for example, "elligo."
- Ignore the issue in the "elligo" project.
snyk monitor and see if this solution works, for example, snyk test <path to the directsource-UI folder>. If necessary, wait a minute or two to allow some caches to expire.
To resolve the problem you can also run the snyk ignore command in the CLI. This creates a .snyk policy file which you can commit to your branch in GitHub to apply ignores for all platforms. Note that you must commit the .snyk policy file each time you make a change in the ignore settings.
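
To see which ignores a committed .snyk policy file will apply, and whether any of them have expired, the file can be listed before the build runs. The shell function below is an added example, not part of the original article or Snyk's own tooling; it assumes the YAML layout that snyk ignore writes (issue ID, path entry, expires timestamp), and the sample policy and its issue IDs are constructed.

```shell
# Added example, not Snyk's code. Assumes the layout that `snyk ignore` writes:
#   ignore: -> <issue id>: -> - '<path>': -> reason / expires (ISO 8601, UTC)

# Constructed sample policy; the issue IDs are placeholders, not real advisories.
sample_policy() {
  cat <<'EOF'
# Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities.
version: v1.25.0
ignore:
  SNYK-JS-EXAMPLE-0000001:
    - '*':
        reason: constructed sample entry
        expires: 2024-01-15T00:00:00.000Z
  SNYK-JS-EXAMPLE-0000002:
    - '*':
        reason: constructed sample entry
        expires: 2025-01-01T00:00:00.000Z
patch: {}
EOF
}

# list_snyk_ignores FILE [NOW]
# Prints "<issue id> <active|expired|no-expiry> <expires>" for each ignore entry.
# FILE may be "-" for stdin. NOW defaults to the current UTC time; UTC ISO 8601
# timestamps compare correctly as plain strings.
list_snyk_ignores() {
  awk -v now="${2:-$(date -u +%Y-%m-%dT%H:%M:%S)}" '
    function emit() {
      if (id != "" && entry) {
        state = (until == "") ? "no-expiry" : ((until "") < (now "") ? "expired" : "active")
        print id, state, (until == "" ? "-" : until)
      }
      entry = 0; until = ""
    }
    /^[^ #]/           { emit(); id = ""; in_ignore = ($0 ~ /^ignore:/); next }
    !in_ignore         { next }
    /^  [^ -].*:[ ]*$/ { emit(); id = $0; gsub(/^ +|:[ ]*$|["\047]/, "", id); next }
    /^    - /          { emit(); entry = 1; next }
    /^ +expires:/      { until = $2; gsub(/["\047]/, "", until) }
    END                { emit() }
  ' "$1"
}

# Demo on the constructed sample with a fixed NOW so the output is reproducible.
sample_policy | list_snyk_ignores - 2024-06-01T00:00:00
```

Run it as list_snyk_ignores .snyk in the branch the build checks out; an entry reported as expired no longer suppresses its issue.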