Problem
When running snyk test in the CLI, I am receiving notifications for vulnerabilities that I have already ignored in the Snyk UI (https://app.snyk.io/).
Discussion
The policy for vulnerabilities of your project is saved locally in a .snyk file in the folder of your project. For information on how this file is created, see .snyk file creation.
If you ignore a vulnerability within the Snyk UI, there is no mechanism for the ignore policy to be propagated from the UI to the local .snyk file within your project folder. This is why, when you run snyk test after having ignored a vulnerability within the Snyk UI, you see that vulnerability in the test results.
Note that if you run snyk monitor after ignoring a vulnerability within the Snyk UI, the monitor command uses the ignore you set in the UI.
Resolution
If you intend to use the snyk test command in the CLI to test your projects, ensure that you ignore the vulnerabilities using the snyk ignore command in the CLI. For more information, see the snyk ignore command help. Run the monitor command again to ensure the ignore you applied locally is applied in the snapshot to be monitored.
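An added example, not part of the original article or of Snyk's own tooling: a shell check that compares issue IDs ignored in the UI against the ignore entries in the local .snyk file and prints the snyk ignore command for each ID that snyk test would still report. The ui-ignored.txt list, the issue IDs and the sample policy are constructed, and the parser assumes the file layout that the snyk ignore command writes.

```shell
#!/bin/sh
# Print the issue IDs that have an ignore entry in a .snyk policy file.
# Assumes a top-level `ignore:` mapping with one two-space-indented
# `ISSUE-ID:` key per ignored issue.
local_ignores() {
    awk '
        /^ignore:/ { in_ignore = 1; next }   # enter the ignore mapping
        /^[^ #]/   { in_ignore = 0 }         # any other top-level key ends it
        in_ignore && /^  [^ -].*:[ \t]*$/ {  # issue-ID keys only, not "- path:" items
            id = $1; sub(/:$/, "", id); print id
        }
    ' "$1" | tr -d "\"'"                     # IDs containing colons are quoted in YAML
}

# $1 = .snyk file, $2 = file listing issue IDs ignored in the UI, one per line
# (hypothetical hand-made list; the CLI does not produce it).
# Prints a `snyk ignore` command for each ID missing from the local policy.
missing_ignores() {
    have=$(local_ignores "$1")
    while IFS= read -r id; do
        [ -n "$id" ] || continue
        printf '%s\n' "$have" | grep -Fxq -- "$id" ||
            printf 'snyk ignore --id=%s\n' "$id"
    done < "$2"
}

demo() {
    dir=$(mktemp -d)
    # Constructed sample policy and UI list, for illustration only.
    cat > "$dir/.snyk" <<'EOF'
# Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities.
version: v1.25.0
ignore:
  SNYK-JS-EXAMPLE-1000001:
    - '*':
        reason: not reachable in this service
        expires: 2030-01-01T00:00:00.000Z
  'npm:example:20170101':
    - '*':
        reason: dev dependency only
patch: {}
EOF
    printf '%s\n' SNYK-JS-EXAMPLE-1000001 SNYK-JS-EXAMPLE-1000002 \
        npm:example:20170101 > "$dir/ui-ignored.txt"
    missing_ignores "$dir/.snyk" "$dir/ui-ignored.txt"
    rm -rf "$dir"
}
demo
```

Run it from the project folder against the real .snyk file, then review each printed command before applying it.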