
Can snyk be configured to ignore all issues for a particular maven dependency?


I would like to clarify some moments regarding snyk ignore. Is it possible to configure the .snyk file to ignore all kinds of issues for a particular maven dependency? https://docs.snyk.io/snyk-cli/commands/ignore

ignore:
  '*':  # <ISSUE_ID> all issues
    - 'path to maven dependency':    # <PATH_TO_RESOURCE>
        reason: <REASON>
        expires: <EXPIRY>

I suppose it will not work, as issue IDs should be specified here. Anyway, I would be grateful for any piece of advice.


Solution

  • Today the .snyk file can ignore:

    • a file
    • a folder
    • an issue ID (vulnerability or license issue)

    Today it doesn't allow ignoring a specific dependency. If you have an Enterprise plan, you may ignore at scale the CVEs associated with this dependency in the Policies tab at the Group level today; it is not ideal, but it is some kind of workaround.

    You may also use the ignore button in the UI, but it will be on a per-project, per-vuln basis.
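
Since ignores are keyed by issue ID, one way to approximate a per-dependency ignore is to collect the IDs reported against that dependency and emit one `snyk ignore` call per ID, each with a reason and an expiry. The sketch below is an added example, not part of the original answer or Snyk's own tooling; it assumes the `snyk test --json` report exposes `vulnerabilities[].id` and `.packageName`, and the coordinates and issue IDs in the sample are constructed placeholders.

```python
import json
import shlex
from datetime import date

# Constructed sample shaped like `snyk test --json` output (field names assumed;
# coordinates and issue IDs are placeholders, not real Snyk identifiers).
SAMPLE_REPORT = json.dumps({"vulnerabilities": [
    {"id": "SNYK-JAVA-EXAMPLE-0000001", "packageName": "org.example:legacy-lib",
     "from": ["com.acme:app@1.0", "org.example:legacy-lib@2.3"]},
    # Same issue reached through a second dependency path: must be de-duplicated.
    {"id": "SNYK-JAVA-EXAMPLE-0000001", "packageName": "org.example:legacy-lib",
     "from": ["com.acme:app@1.0", "org.other:web@4.1", "org.example:legacy-lib@2.3"]},
    {"id": "snyk:lic:maven:org.example:legacy-lib:EXAMPLE",
     "packageName": "org.example:legacy-lib",
     "from": ["com.acme:app@1.0", "org.example:legacy-lib@2.3"]},
    {"id": "SNYK-JAVA-OTHER-0000002", "packageName": "org.other:web",
     "from": ["com.acme:app@1.0", "org.other:web@4.1"]},
]})


def issue_ids_for(report_json, coordinate):
    """Return the sorted, unique issue IDs reported against one groupId:artifactId."""
    report = json.loads(report_json)
    # Assumption: a multi-project scan yields a list of per-project reports.
    projects = report if isinstance(report, list) else [report]
    return sorted({v["id"] for p in projects
                   for v in p.get("vulnerabilities", [])
                   if v.get("packageName") == coordinate})


def ignore_commands(report_json, coordinate, reason, expiry):
    """Build one `snyk ignore` argv per issue ID; reason and expiry are mandatory."""
    if not reason.strip():
        raise ValueError("a reason is required for every ignore")
    date.fromisoformat(expiry)  # raises ValueError unless YYYY-MM-DD
    return [["snyk", "ignore", f"--id={issue_id}",
             f"--expiry={expiry}", f"--reason={reason}"]
            for issue_id in issue_ids_for(report_json, coordinate)]


if __name__ == "__main__":
    for argv in ignore_commands(SAMPLE_REPORT, "org.example:legacy-lib",
                                "Not reachable in our build; tracked internally",
                                "2030-01-31"):
        print(shlex.join(argv))  # review the list before running it
```

Issues published against the dependency after the list was generated are not covered, so the report has to be regenerated and reviewed when the expiry comes due.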