Wednesday, October 2, 2019

Snyk .snyk ignore file with multiple entries format

"Snyk enables you to find, and more importantly fix known vulnerabilities in your open source."


Some vulnerabilities you may want to ignore, for example because they are false positives in your situation, or because there is no fix or workaround for them (yet). You can specify them with the snyk ignore CLI command, manually in the UI, or in a .snyk ignore file. An introduction focused on NPM can be found here.
The format, with an example for one entry, is specified here: https://support.snyk.io/hc/en-us/articles/360000923498-How-can-I-ignore-a-vulnerability-

But what is the format for multiple entries? With YAML (or YAML-like) formats you would usually expect a list, with each entry prefixed by a dash "-". That is not the case here: the ignore section is a mapping keyed by vulnerability id, and each id holds the list of dependency paths to ignore it for. The correct format for specifying multiple entries in the .snyk ignore file is:
version: v1.5.0
ignore:
  'SNYK-JAVA-xxxx-123456':
    - '* > com.abc:def':
        reason: 'Fix in progress'
        expires: '2020-01-05T08:00:00.000Z'
  'SNYK-JAVA-xxxx-678900':
    - '* > org.abc:ghi':
        reason: 'Windows issue, systems run on Linux'
        expires: '2020-02-06T09:00:00.000Z'

Note that each block after the 'ignore' line is indented with two spaces.
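As an added example (it is not Snyk's own code and not part of the original post), the following Ruby script loads a .snyk policy with the standard-library YAML parser and checks the ignore section against the layout described above: ignore must be a mapping keyed by vulnerability id, each id holds a list, each list item is a single dependency-path key with reason and expires nested under it, and expires must be an ISO 8601 timestamp. It also reports ignores whose expiry date has passed, so a CI step can fail when a temporary ignore has outlived its justification. The sample policies are constructed here, including two malformed variants: vulnerability ids written as a YAML list, and reason/expires indented beside the path key instead of under it (YAML then reads them as siblings of the path). The SNYK-JAVA-xxxx ids are the placeholders used in the post.

```ruby
# Added example, not Snyk's own code: sanity-check the ignore section of a
# .snyk policy file against the layout described in the post:
#   ignore -> '<vuln id>' -> list of { '<dep path>' => { reason, expires } }
# All sample policies below are constructed for this example.
require 'yaml'
require 'time'

# Correct layout: vuln ids are mapping keys, each holding a list of paths,
# with reason/expires nested beneath the path key.
GOOD_POLICY = <<~YAML
  version: v1.5.0
  ignore:
    'SNYK-JAVA-xxxx-123456':
      - '* > com.abc:def':
          reason: 'Fix in progress'
          expires: '2020-01-05T08:00:00.000Z'
    'SNYK-JAVA-xxxx-678900':
      - '* > org.abc:ghi':
          reason: 'Windows issue, systems run on Linux'
          expires: '2020-02-06T09:00:00.000Z'
YAML

# Common mistake: writing the vuln ids as a YAML list under ignore.
LIST_POLICY = <<~YAML
  version: v1.5.0
  ignore:
    - 'SNYK-JAVA-xxxx-123456':
        - '* > com.abc:def':
            reason: 'Fix in progress'
            expires: '2020-01-05T08:00:00.000Z'
YAML

# Subtler mistake: reason/expires at the same depth as the path key. YAML
# parses them as siblings of the path, so the path itself has no attributes.
SIBLING_POLICY = <<~YAML
  version: v1.5.0
  ignore:
    'SNYK-JAVA-xxxx-123456':
      - '* > com.abc:def':
        reason: 'Fix in progress'
        expires: '2020-01-05T08:00:00.000Z'
YAML

# Returns a list of problem strings; an empty list means the ignore section
# is well-formed and no ignore has expired as of `now`.
def check_snyk_policy(text, now: Time.now.utc)
  problems = []
  doc = YAML.safe_load(text)
  ignores = doc.is_a?(Hash) ? doc['ignore'] : nil
  unless ignores.is_a?(Hash)
    problems << "ignore: must be a mapping keyed by vulnerability id, got #{ignores.class}"
    return problems
  end

  ignores.each do |vuln_id, rules|
    unless rules.is_a?(Array)
      problems << "#{vuln_id}: expected a list of dependency paths"
      next
    end
    rules.each do |rule|
      unless rule.is_a?(Hash) && !rule.empty?
        problems << "#{vuln_id}: each list item must be a '<path>:' mapping"
        next
      end
      if rule.key?('reason') || rule.key?('expires')
        # reason/expires landed beside the path key instead of beneath it
        problems << "#{vuln_id}: reason/expires must be indented under the dependency path"
        next
      end
      path, attrs = rule.first
      unless attrs.is_a?(Hash)
        problems << "#{vuln_id} #{path}: missing reason/expires block under the path"
        next
      end
      problems << "#{vuln_id} #{path}: missing reason" if attrs['reason'].to_s.strip.empty?
      expires = attrs['expires']
      if expires.nil?
        problems << "#{vuln_id} #{path}: missing expires"
        next
      end
      begin
        # Quoted ISO 8601 timestamps, as the post uses; a malformed one such
        # as '2020-01-05T08:00.00.000Z' is reported rather than silently ignored.
        expiry = Time.iso8601(expires.to_s)
        problems << "#{vuln_id} #{path}: ignore expired on #{expires}" if expiry < now
      rescue ArgumentError
        problems << "#{vuln_id} #{path}: expires is not an ISO 8601 timestamp (#{expires})"
      end
    end
  end
  problems
end

if __FILE__ == $PROGRAM_NAME
  { 'good' => GOOD_POLICY, 'list' => LIST_POLICY, 'sibling' => SIBLING_POLICY }.each do |name, text|
    puts "#{name}: #{check_snyk_policy(text, now: Time.utc(2019, 10, 2)).inspect}"
  end
end
```

Running the script against a real .snyk file is a matter of passing File.read('.snyk') to check_snyk_policy; a non-empty result is the signal to fail the build. The expiry check is the part worth keeping in CI: an ignore entered as 'Fix in progress' is only as temporary as the expires date that goes with it.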
