snyk / vulncost

Find security vulnerabilities in open source npm packages while you code
https://marketplace.visualstudio.com/items?itemName=snyk-security.vscode-vuln-cost
MIT License
200 stars, 34 forks

Add policy file awareness. #40

Open ronperris opened 4 years ago

ronperris commented 4 years ago

What did you expect?

IDE plugin to be aware of settings in the .snyk file.

What did you experience?

Vulns reported in IDE, even though set to ignore or patch via .snyk settings.

Example .snyk file:

$ cat .snyk 
# Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities.
version: v1.14.1
# ignores vulnerabilities until expiry date; change duration by modifying expiry date
ignore:
  SNYK-JS-LODASH-450202:
    - tailwind > datasette > lodash:
        reason: No patch available.
        expires: '2020-07-20T12:57:58.123Z'
  SNYK-JS-LODASH-73638:
    - tailwind > datasette > lodash:
        reason: No patch available.
        expires: '2020-07-20T12:57:58.123Z'
  SNYK-JS-LODASH-73639:
    - tailwind > datasette > lodash:
        reason: No patch available.
        expires: '2020-07-20T12:57:58.123Z'
  'snyk:lic:npm:commands-events:AGPL-3.0':
    - tailwind > commands-events:
        reason: None given
        expires: '2020-07-20T12:57:58.123Z'
  'snyk:lic:npm:tailwind:AGPL-3.0':
    - tailwind:
        reason: None given
        expires: '2020-07-20T12:57:58.123Z'
# patches apply the minimum changes required to fix a vulnerability
patch:
  SNYK-JS-LODASH-450202:
    - tailwind > lodash:
        patched: '2020-06-20T12:56:11.546Z'
    - tailwind > lodash:
        patched: '2020-06-20T12:56:11.546Z'
    - tailwind > flaschenpost > lodash:
        patched: '2020-06-20T12:56:11.546Z'
    - tailwind > flaschenpost > lodash:
        patched: '2020-06-20T12:56:11.546Z'
    - tailwind > datasette > lodash:
        patched: '2020-06-20T12:56:11.546Z'
    - tailwind > datasette > lodash:
        patched: '2020-06-20T12:56:11.546Z'
  SNYK-JS-LODASH-567746:
    - tailwind > lodash:
        patched: '2020-06-20T12:56:11.546Z'
    - tailwind > flaschenpost > lodash:
        patched: '2020-06-20T12:56:11.546Z'
    - tailwind > datasette > lodash:
        patched: '2020-06-20T12:56:11.546Z'
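The request above boils down to one piece of logic the editor plugin is missing: take each finding the scanner reports, look it up in the `.snyk` policy by vulnerability id and dependency path, and suppress it when an unexpired `ignore` entry or a `patch` entry covers that path. The following is an added example of that lookup, written for this review and not code from the vulncost extension or from Snyk. It assumes the YAML has already been parsed (for instance with js-yaml, not shown) into the `policy` object below, which mirrors a subset of the file in the issue; the `sampleFindings` are constructed, and treating `*` as a single-segment wildcard in policy paths is an assumption of this example rather than something the issue states.

```javascript
// Added example (not part of the vulncost extension): apply a parsed .snyk
// policy to scanner findings, so a result the policy ignores or patches is not
// surfaced as a live vulnerability in the editor.
//
// Assumption: the .snyk YAML has already been parsed (e.g. with js-yaml; not
// shown) into this object, which mirrors a subset of the file in the issue.
const policy = {
  version: 'v1.14.1',
  ignore: {
    'SNYK-JS-LODASH-450202': [
      { 'tailwind > datasette > lodash': { reason: 'No patch available.', expires: '2020-07-20T12:57:58.123Z' } },
    ],
    'snyk:lic:npm:tailwind:AGPL-3.0': [
      { tailwind: { reason: 'None given', expires: '2020-07-20T12:57:58.123Z' } },
    ],
  },
  patch: {
    'SNYK-JS-LODASH-450202': [
      { 'tailwind > lodash': { patched: '2020-06-20T12:56:11.546Z' } },
      { 'tailwind > flaschenpost > lodash': { patched: '2020-06-20T12:56:11.546Z' } },
    ],
    'SNYK-JS-LODASH-567746': [
      { 'tailwind > lodash': { patched: '2020-06-20T12:56:11.546Z' } },
      { 'tailwind > flaschenpost > lodash': { patched: '2020-06-20T12:56:11.546Z' } },
    ],
  },
};

// Split an "a > b > c" dependency path into trimmed segments.
function splitPath(p) {
  return p.split('>').map((s) => s.trim());
}

// A policy path matches a finding's path segment by segment. Treating '*' as a
// single-segment wildcard is an assumption of this example.
function pathMatches(pattern, depPath) {
  const want = splitPath(pattern);
  const have = splitPath(depPath);
  if (want.length !== have.length) return false;
  return want.every((seg, i) => seg === '*' || seg === have[i]);
}

// Decide what the editor should do with one finding { id, path } at time `now`.
// Returns 'ignored', 'ignore-expired', 'patched' or 'report'.
function classify(pol, finding, now) {
  const ignores = (pol.ignore && pol.ignore[finding.id]) || [];
  for (const entry of ignores) {
    for (const [pattern, rule] of Object.entries(entry)) {
      if (!pathMatches(pattern, finding.path)) continue;
      // An ignore whose expiry has passed suppresses nothing: the finding must
      // be shown again so the policy gets revisited.
      if (rule && rule.expires && Date.parse(rule.expires) <= now.getTime()) {
        return 'ignore-expired';
      }
      return 'ignored';
    }
  }
  const patches = (pol.patch && pol.patch[finding.id]) || [];
  for (const entry of patches) {
    if (Object.keys(entry).some((pattern) => pathMatches(pattern, finding.path))) {
      return 'patched';
    }
  }
  return 'report';
}

// Annotate every finding with its policy status.
function applyPolicy(pol, findings, now = new Date()) {
  return findings.map((f) => ({ ...f, status: classify(pol, f, now) }));
}

// Only unhandled findings and lapsed ignores deserve a diagnostic in the editor.
function actionable(pol, findings, now = new Date()) {
  return applyPolicy(pol, findings, now).filter(
    (f) => f.status === 'report' || f.status === 'ignore-expired'
  );
}

// Constructed sample findings, shaped like the results in the issue.
const sampleFindings = [
  { id: 'SNYK-JS-LODASH-450202', path: 'tailwind > datasette > lodash' },
  { id: 'SNYK-JS-LODASH-450202', path: 'tailwind > lodash' },
  { id: 'SNYK-JS-LODASH-567746', path: 'tailwind > flaschenpost > lodash' },
  { id: 'snyk:lic:npm:tailwind:AGPL-3.0', path: 'tailwind' },
];

console.log(applyPolicy(policy, sampleFindings, new Date('2020-06-25T00:00:00Z')));
```

Evaluating the policy against a fixed `now` is deliberate: the `expires` timestamps in the issue's file lapse on 2020-07-20, so the same findings are silent before that date and become actionable again afterwards, which is the behaviour a plugin should reproduce rather than treating an ignore as permanent.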