vulncost
Add policy file awareness.
What did you expect?
IDE plugin to be aware of settings in the `.snyk` file.
What did you experience?
Vulns reported in IDE, even though set to ignore or patch via `.snyk` settings.
Example `.snyk` file:
```
$ cat .snyk
# Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities.
version: v1.14.1
# ignores vulnerabilities until expiry date; change duration by modifying expiry date
ignore:
  SNYK-JS-LODASH-450202:
    - tailwind > datasette > lodash:
        reason: No patch available.
        expires: '2020-07-20T12:57:58.123Z'
  SNYK-JS-LODASH-73638:
    - tailwind > datasette > lodash:
        reason: No patch available.
        expires: '2020-07-20T12:57:58.123Z'
  SNYK-JS-LODASH-73639:
    - tailwind > datasette > lodash:
        reason: No patch available.
        expires: '2020-07-20T12:57:58.123Z'
  'snyk:lic:npm:commands-events:AGPL-3.0':
    - tailwind > commands-events:
        reason: None given
        expires: '2020-07-20T12:57:58.123Z'
  'snyk:lic:npm:tailwind:AGPL-3.0':
    - tailwind:
        reason: None given
        expires: '2020-07-20T12:57:58.123Z'
# patches apply the minimum changes required to fix a vulnerability
patch:
  SNYK-JS-LODASH-450202:
    - tailwind > lodash:
        patched: '2020-06-20T12:56:11.546Z'
    - tailwind > lodash:
        patched: '2020-06-20T12:56:11.546Z'
    - tailwind > flaschenpost > lodash:
        patched: '2020-06-20T12:56:11.546Z'
    - tailwind > flaschenpost > lodash:
        patched: '2020-06-20T12:56:11.546Z'
    - tailwind > datasette > lodash:
        patched: '2020-06-20T12:56:11.546Z'
    - tailwind > datasette > lodash:
        patched: '2020-06-20T12:56:11.546Z'
  SNYK-JS-LODASH-567746:
    - tailwind > lodash:
        patched: '2020-06-20T12:56:11.546Z'
    - tailwind > flaschenpost > lodash:
        patched: '2020-06-20T12:56:11.546Z'
    - tailwind > datasette > lodash:
        patched: '2020-06-20T12:56:11.546Z'
```
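One way a plugin could honour the `ignore` and `patch` entries of a policy like the one in this issue, as an added example (not vulncost's or Snyk's own code). It assumes the `.snyk` YAML has already been parsed into an object; `POLICY`, `findRule` and `evaluate` are hypothetical names, and the handling of a missing expiry is a choice made here.

```javascript
// Constructed sample: an already-parsed subset of the .snyk file in the issue.
const POLICY = {
  ignore: {
    'SNYK-JS-LODASH-73638': [
      { 'tailwind > datasette > lodash': {
          reason: 'No patch available.',
          expires: '2020-07-20T12:57:58.123Z' } },
    ],
  },
  patch: {
    'SNYK-JS-LODASH-567746': [
      { 'tailwind > lodash': { patched: '2020-06-20T12:56:11.546Z' } },
    ],
  },
};

// Each rule is a single-key object: { '<dependency path>': { ...metadata } }.
// Matches the exact path, or '*' which applies a rule to every path.
function findRule(rules, path) {
  for (const rule of rules || []) {
    for (const [rulePath, meta] of Object.entries(rule)) {
      if (rulePath === path || rulePath === '*') return meta;
    }
  }
  return null;
}

// Returns { action: 'ignored' | 'patched' | 'report', reason? } for one finding.
function evaluate(policy, vulnId, path, now = new Date()) {
  const ignoreRule = findRule(policy.ignore && policy.ignore[vulnId], path);
  if (ignoreRule) {
    const expires = new Date(ignoreRule.expires);
    // Choice made in this sketch: an expired, missing or unparseable expiry
    // does not suppress the finding, so stale ignores resurface in the IDE.
    if (!Number.isNaN(expires.getTime()) && expires > now) {
      return { action: 'ignored', reason: ignoreRule.reason };
    }
  }
  const patchRule = findRule(policy.patch && policy.patch[vulnId], path);
  if (patchRule) return { action: 'patched' };
  return { action: 'report' };
}
```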