ASOS/snyker

snyker fails to update policy file ignore rules

Closed · 1 comment

Details

There are setups with Snyk that prevent CLI-based ignores, see below:

$ npx snyk ignore --id=123
Only administrators can ignore issues. Please contact an administrator to ignore this issue.

When this is the case @asos/snyker will fail to add the ignores to the .snyk policy file.

Given the ignores have a known format:

ignore:
  <VULNERABILITY_ID>:
    - '*':
        reason: <REASON_OF_CHOICE>
        expires: <EXPIRY_OF_CHOICE>

@asos/snyker could feasibly still update the .snyk policy file by manually crafting the required YAML instead of relying directly on snyk ignore --id=<VULNERABILITY_ID> to handle it.

This could either be in place of using the Snyk CLI or as a fallback when such errors occur.

Pertinent code: https://github.com/ASOS/snyker/blob/main/src/index.js#L405-L407
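
One way the fallback proposed above could write the rule itself, as an added example that is not code from snyker or from the Snyk CLI. The names `addIgnore`, `buildIgnoreRule`, `yamlQuote` and `ID_PATTERN`, the id character set and the sample policy are assumptions; single-quoting the reason is a choice made here so that free text cannot alter the policy structure.

```javascript
'use strict';

// Assumption: vulnerability ids contain only these characters; anything else is rejected.
const ID_PATTERN = /^[A-Za-z0-9:._-]+$/;

// Single-quoted YAML scalar: the only escape is a doubled quote. Line breaks are
// rejected, so a free-text reason cannot add keys to the policy.
function yamlQuote(value) {
  const text = String(value);
  if (/[\r\n]/.test(text)) throw new Error('line breaks are not allowed in a policy value');
  return `'${text.replace(/'/g, "''")}'`;
}

function buildIgnoreRule(id, reason, expires) {
  if (!ID_PATTERN.test(id)) throw new Error(`unexpected vulnerability id: ${id}`);
  const when = new Date(expires);
  if (Number.isNaN(when.getTime())) throw new Error('expires is not a valid date');
  return [`  ${id}:`, "    - '*':", `        reason: ${yamlQuote(reason)}`,
    `        expires: ${when.toISOString()}`];
}

// Returns the policy text with the rule added, or the unchanged text if the id is already ignored.
function addIgnore(policyText, id, reason, expires) {
  const rule = buildIgnoreRule(id, reason, expires);
  const lines = policyText.replace(/\r\n/g, '\n').replace(/\n+$/, '').split('\n');
  const start = lines.findIndex((line) => /^ignore:/.test(line));
  if (start === -1) return [...lines, 'ignore:', ...rule].join('\n') + '\n';
  if (!/^ignore:\s*(\{\s*\})?\s*$/.test(lines[start])) throw new Error('unsupported ignore layout');
  let end = start + 1; // the block runs until the next line that starts in column 0
  while (end < lines.length && /^(\s|$)/.test(lines[end])) end++;
  const block = lines.slice(start + 1, end);
  if (block.some((line) => line.replace(/['"]/g, '').trimEnd() === `  ${id}:`)) return policyText;
  while (end > start + 1 && lines[end - 1].trim() === '') end--; // keep blank lines after the rule
  lines[start] = 'ignore:'; // turns an empty "ignore: {}" into a block mapping
  lines.splice(end, 0, ...rule);
  return lines.join('\n') + '\n';
}

// Constructed sample policy file (not taken from the snyker repository).
const SAMPLE_POLICY = [
  '# Snyk (https://snyk.io) policy file',
  'version: v1.25.0',
  'ignore: {}',
  'patch: {}',
  '',
].join('\n');

console.log(addIgnore(SAMPLE_POLICY, 'SNYK-JS-EXAMPLE-123', "won't fix: dev only", '2030-01-01'));
```

The function works on the text of the file and leaves reading and writing `.snyk` to the caller, so it can be slotted in as either the replacement or the fallback described in the issue.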