Can snyk be configured to ignore all issues for a particular maven dependency?
Question
I would like to clarify some points regarding snyk ignore.
Is it possible to configure the .snyk file to ignore all kinds of issues for a particular Maven dependency?
https://docs.snyk.io/snyk-cli/commands/ignore
ignore:
  '*':  # <ISSUE_ID> all issues
    - 'path to maven dependency':  # <PATH_TO_RESOURCE>
        reason: <REASON>
        expires: <EXPIRY>
I suppose it will not work, as issue IDs should be specified here.
Anyway, I would be grateful for any piece of advice.
Answer 1
Score: 1
Today the .snyk file can ignore:
- a file
- a folder
- an issue ID (vulnerability or license issue)
Today it doesn't allow ignoring a specific dependency. If you have an Enterprise plan, you may ignore at scale the CVEs associated with this dependency in the Policies tab at the Group level today; it is not ideal, but it is some kind of workaround.
You may also use the ignore button in the UI, but it will be on a per-project, per-vuln basis.
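Because ignores are keyed by issue ID, one way to cover a single dependency is to collect the issue IDs a scan reports against it and emit one entry per ID. The sketch below is an added example, not part of the original answer or Snyk's own tooling; it assumes `snyk test --json` output with `vulnerabilities[].id` and `vulnerabilities[].packageName`, and the package names and issue IDs are constructed placeholders.

```python
import json
from datetime import datetime, timedelta, timezone

# Constructed sample in the assumed shape of `snyk test --json` output.
# Package names and issue IDs are placeholders, not real Snyk identifiers.
SAMPLE_SCAN = json.dumps({"vulnerabilities": [
    {"id": "SNYK-JAVA-EXAMPLE-0000001", "packageName": "org.example:legacy-lib"},
    {"id": "SNYK-JAVA-EXAMPLE-0000002", "packageName": "org.example:legacy-lib"},
    # The same issue reported again through a second dependency path.
    {"id": "SNYK-JAVA-EXAMPLE-0000001", "packageName": "org.example:legacy-lib"},
    {"id": "SNYK-JAVA-EXAMPLE-0000003", "packageName": "org.example:other-lib"},
]})


def issue_ids_for(scan_json, package):
    """Return the sorted, de-duplicated issue IDs reported against one package."""
    vulns = json.loads(scan_json).get("vulnerabilities", [])
    return sorted({v["id"] for v in vulns if v.get("packageName") == package})


def render_ignore_block(scan_json, package, reason, days, now=None):
    """Render an `ignore:` section with one expiring entry per issue ID."""
    if not reason.strip():
        raise ValueError("a reason is required for every ignore")
    if days <= 0:
        raise ValueError("ignores must expire")
    now = now or datetime.now(timezone.utc)
    expires = (now + timedelta(days=days)).strftime("%Y-%m-%dT%H:%M:%S.000Z")
    lines = ["ignore:"]
    for issue_id in issue_ids_for(scan_json, package):
        lines += [
            f"  {issue_id}:",
            "    - '*':",  # every dependency path for this issue ID
            f"        reason: {json.dumps(reason)}",  # JSON string is valid YAML
            f"        expires: {expires}",
        ]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    print(render_ignore_block(SAMPLE_SCAN, "org.example:legacy-lib",
                              "accepted until legacy-lib is replaced", 30))
```

Issues published against the dependency after the scan are not covered until the block is regenerated, so new findings still surface.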