Problem
Certain vulnerabilities in a GitHub-originated project were ignored.
When the customer ran a scan using the CLI, the same vulnerabilities that were ignored showed up again and failed the build.
Reason
Ignores set in the UI are not duplicated in the local version of the project.
Resolution
The ignores do not take effect because you created them in the project imported from GitHub, while the CLI scan runs through the CLI integration with Snyk. To the Snyk app, the local project and the project in your account are two separate projects, so the ignores apply only to the GitHub tests.
If you want the ignores to be effective in the CLI, create the project from the CLI and apply the ignores in the CLI as follows:
- Go to the root of your project and run snyk monitor <path to the directory that contains the relevant package.json>, for example, snyk install directsource-UI.
- Go to the Snyk app; there is a new project that has the name of the project in package.json, for example, "elligo."
- Ignore the issue in the "elligo" project.
- Run snyk test and snyk monitor and see if this solution works, for example, snyk test <path to the directsource-UI folder>. If necessary wait a minute or two to allow some caches to expire.
To resolve the problem you can also run the snyk ignore command in the CLI. This creates a .snyk policy file which you can commit to your branch in GitHub to apply ignores for all platforms. Note that you must commit the .snyk policy file each time you make a change in the ignore settings.
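
The snyk ignore route, as an added example that is not part of the original article or Snyk's own tooling: two shell helpers, one that records an ignore with a reason and an expiry and confirms it landed in .snyk, and one that checks the policy file is committed before the scan runs. The function names and the issue ID SNYK-JS-EXAMPLE-0000000 are placeholders chosen for illustration.

```shell
# Added example. Run from the project root (the directory that holds .snyk).
# Function names and SNYK-JS-EXAMPLE-0000000 are placeholders, not real values.

# Record an ignore in ./.snyk with a reason and an expiry date, so the
# exception is documented and comes up for review instead of living forever.
snyk_ignore_issue() {
    issue_id=$1; expiry=$2; reason=$3
    if [ -z "$issue_id" ] || [ -z "$expiry" ] || [ -z "$reason" ]; then
        echo "usage: snyk_ignore_issue <issue-id> <YYYY-MM-DD> <reason>" >&2
        return 2
    fi
    snyk ignore --id="$issue_id" --expiry="$expiry" --reason="$reason" || return 1
    # The ignore only takes effect if the policy file now lists the ID.
    grep -q -- "$issue_id" .snyk 2>/dev/null || {
        echo ".snyk does not list $issue_id" >&2
        return 1
    }
}

# Succeed only when .snyk exists and has no uncommitted or untracked changes,
# i.e. the ignores the local CLI applies are the same ones in the branch.
snyk_policy_committed() {
    [ -f .snyk ] || { echo "no .snyk policy file in $(pwd)" >&2; return 1; }
    changes=$(git status --porcelain -- .snyk) || return 1
    if [ -n "$changes" ]; then
        echo ".snyk has uncommitted changes: $changes" >&2
        return 1
    fi
}

# Typical use:
#   snyk_ignore_issue SNYK-JS-EXAMPLE-0000000 2030-01-31 "not reachable from our code"
#   git add .snyk && git commit -m "snyk: ignore SNYK-JS-EXAMPLE-0000000"
#   snyk_policy_committed && snyk test
```

Use the issue ID that snyk test prints for the finding you want to ignore.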