snyker fails to update policy file ignore rules
Closed this issue · 1 comments
jlp-craigmorten commented
Issue
Details
There are setups with snyk that prevent CLI-based ignores, see below:
    $ npx snyk ignore --id=123
    Only administrators can ignore issues. Please contact an administrator to ignore this issue.
When this is the case @asos/snyker will fail to add the ignores to the .snyk policy file.
Given the ignores have a known format:
    ignore:
      <VULNERABILITY_ID>:
        - '*':
            reason: <REASON_OF_CHOICE>
            expires: <EXPIRY_OF_CHOICE>
@asos/snyker could feasibly still update the .snyk policy file by manually crafting the required YAML instead of relying directly on snyk ignore --id=<VULNERABILITY_ID> to handle it.
This could either be in place of using the Snyk CLI or as a fallback when such errors occur.
Pertinent code: https://github.com/ASOS/snyker/blob/main/src/index.js#L405-L407
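The fallback proposed in this issue, as an added example that is not part of the original issue and not snyker's or the fork's code: a dependency-free function that writes the ignore rule into .snyk policy text directly. The name addIgnoreRule, the ID character allow-list, and the sample policy and placeholder ID are assumptions; because no YAML parser is used, the ID is validated and the reason is emitted as a quoted scalar so neither can inject extra policy keys.

```javascript
// Added example, not snyker's code: addIgnoreRule is a hypothetical helper that
// edits .snyk policy text directly instead of shelling out to `snyk ignore`.
const SAFE_ID = /^[A-Za-z0-9:._-]+$/; // assumption: IDs only use these characters

function addIgnoreRule(policyText, { id, reason, expires }) {
  if (!SAFE_ID.test(id)) throw new Error(`unsafe vulnerability id: ${id}`);
  // Require an expiry so a suppression cannot silently become permanent.
  const expiry = new Date(expires);
  if (!expires || Number.isNaN(expiry.getTime())) throw new Error("expires must be a valid date");

  const lines = policyText.replace(/\n$/, "").split("\n");
  const at = lines.findIndex((l) => /^ignore:/.test(l));
  // The ignore section runs until the next unindented line.
  let end = at + 1;
  while (at !== -1 && end < lines.length && /^( |$)/.test(lines[end])) end++;
  // Idempotent: return the policy unchanged when the ID is already ignored.
  const keys = [`  ${id}:`, `  '${id}':`, `  "${id}":`];
  if (lines.slice(at + 1, end).some((l) => keys.includes(l.trimEnd()))) return policyText;

  const rule = [
    `  ${id}:`,
    "    - '*':",
    // A JSON string is a valid YAML double-quoted scalar, so a free-text reason
    // cannot break out of its value and add keys to the policy.
    `        reason: ${JSON.stringify(String(reason))}`,
    `        expires: ${expiry.toISOString()}`,
  ];
  if (at === -1) {
    lines.push("ignore:", ...rule); // no ignore section yet
  } else if (/^ignore:\s*\{\s*\}\s*$/.test(lines[at])) {
    lines.splice(at, 1, "ignore:", ...rule); // replace the empty mapping `ignore: {}`
  } else if (/^ignore:\s*$/.test(lines[at])) {
    lines.splice(at + 1, 0, ...rule); // add as first entry of the existing mapping
  } else {
    throw new Error("unsupported ignore section layout");
  }
  return lines.join("\n") + "\n";
}

// Constructed sample: a policy with an empty ignore section and a placeholder ID.
const samplePolicy = "version: v1.25.0\nignore: {}\npatch: {}\n";
console.log(addIgnoreRule(samplePolicy, {
  id: "SNYK-JS-EXAMPLE-0000000",
  reason: "No fixed version yet: revisit at expiry",
  expires: "2030-01-01T00:00:00Z",
}));
```

Rules written this way bypass the administrator-only restriction the CLI enforces, so changes to .snyk should go through code review.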
jlp-craigmorten commented
I've resolved this in my fork, see https://github.com/jlp-craigmorten/snyker/releases/tag/5.0.1