Issue:
Certain vulns of a GitHub originated project were ignored.
Once the customer ran a scan on the CI, the same vulns that were ignored showed up again and failed the build.
Reason
Ignores set on the UI are not duplicated to the projects local version.
Answer
The reason ignores are not showing is that you've created them on the imported project from GitHub, while the CI is running via the CLI integration with Snyk. For the Snyk app these are two separate projects, so the ignores works only on the GitHub tests. If you want the ignores to be effective in the CI, you need to create the project from the CLI and apply the ignores in it as follows:
1. Go to the root of your project, run "snyk monitor <path to the directory that contains the relevant package.json>". for example: "snyk install directsource-UI".
2. Go to Snyk app, you will now see a new project called "elligo" (since this is the name of the project in package.json)
3. Ignore the issue in the "elligo" project
4. Test and/monitor and see if it works ("snyk test <path to the directsource-UI folder>"). You might need to wait a minute/two (for some caches to expire)
Another workaround this is by running the `snyk wizard` command in the CLI, and ignoring the issues through there. This will create a snyk policy file which you can commit to your branch in GitHub and then the ignores will be relevant for all platforms. Please note that you will have to commit the policy file every time you make a change in the ignore settings.
Comments
0 comments
Please sign in to leave a comment.