snyk test in the CLI, I am receiving notifications for vulnerabilities that I have already ignored in the Snyk UI (https://app.snyk.io/).
The policy for vulnerabilities of your project is saved locally in a
.snyk file in the folder of your project. For information on how this file is created, see .snyk file creation.
If you ignore a vulnerability within the Snyk UI, there is no mechanism for the ignore policy to be propagated from the UI to the local
.snyk file within your project folder. This is why when you run
snyk test after having ignored a vulnerability within the Snyk UI you see that vulnerability in the test results.
Note that if you run
snyk monitor after ignoring a vulnerability within the Snyk UI, the
monitor command uses the ignore you set in the UI.
If you intend to use the
snyk test command in the CLI to test your projects, ensure that you ignore the vulnerabilities using the
snyk ignore command in the CLI. For more information, see the
snyk ignore command help. Run the
monitor command again to ensure the ignore you applied locally is applied in the snapshot to be monitored.