Sometimes, Snyk may alert you to a vulnerability that has no update or Snyk patch available, or that you do not believe to be currently exploitable in your application. In this case, you may want to tell Snyk to ignore the vulnerability for a certain period of time.
If you're using snyk wizard (only available on Node.js projects), the wizard helps you choose which vulnerabilities to ignore for a period of 30 days. If you're using Ruby or Java, or if you want to specify a different duration, you can use the snyk ignore command.
snyk ignore --id=IssueID [--expiry=expiry] [--reason='reason for ignoring']
Options
snyk ignore accepts three options:
|
OPTION |
DESCRIPTION |
DEFAULT |
REQUIRED |
|
--id |
The Snyk ID for the issue to ignore. Found by running Example: For the vulnerability found at https://snyk.io/vuln/npm:tough-cookie:20160722, you would use: --id=npm:tough-cookie:20160722 |
None |
Yes |
|
--expiry |
The expiry date string, according to RFC2822. Example: --expiry=2017-04-30 |
30 days |
No |
|
--reason |
The reason for ignoring the issue. Example: --reason='Not currently exploitable.' |
None given |
No |