Problem:
When running snyk test in the CLI, I am receiving notifications for Vulnerabilities that I have already ignored in the Snyk UI (https://app.snyk.io/).
Discussion:
Once you have run snyk wizard via the CLI tool on your project, the policy for vulnerabilities of your project are saved locally in a .snyk file in the folder of your project. This is how subsequent scans of a project can maintain the policies that you have chosen the last time that you have run the wizard.
When you run snyk protect the policy will be uploaded to the Snyk UI (https://app.snyk.io/) to be displayed in your web portal.
If you ignore a vulnerability within the Snyk UI, there currently is no mechanism for the Ignore policy to be propagated to the local .snyk file within your project's folder. This is why when you run snyk test after having Ignored a vulnerability within the Snyk UI you will still see that vulnerability shown in the test results.
Resolution:
At this time we can only recommend that if you intend to use snyk test via the CLI to test your projects that you ensure that you ignore the Vulnerabilities via the CLI. We are looking for ways to improve this functionality in the future.
Comments
0 comments
Please sign in to leave a comment.