I have pushed a react solution into devops repository and created one pipeline for build and scans.
We are using snyk scan to scan the solution; here is the YAML code of the snykscan:
scanSnyk: true
SKFailOnIssues: true
SkServiceConnection: 'SnykServer'
SkOrganization: 'F*******-****-****-***-******a'
SkAdditionalArgs: '--all-projects --detection-depth=6'
APP360ID: 'S*-****9'
Below are my scan results; how do I resolve the errors from the snyk scan?
snyk scan results from agent window:
2 Answers
Just to be clear, are you asking how to remediate the issues found?
If so, it’s very easy to do in the CLI, which lets you know in each section when the issue was fixed ("issue was fixed in …"). You can simply update to that package version, re-install in the CLI and the issue will disappear from your list.
The issues shown tell you that you have dependencies that could be vulnerable.
In this case snyk shows you the dependency tree, since certain vulnerabilities are not directly in your dependencies but in the dependencies of your dependencies.
To solve it, you can update the version of your dependency as indicated by snyk. Example: "This issue was fixed in version: 2.0.1"
When snyk does not give you a solution, what you can do is temporarily ignore this vulnerability, and discuss it with your managers to see how they would address this type of vulnerability.
I leave you the link on how you can ignore some vulnerabilities. I suggest you always add a comment on why you ignore it.
I remember that the .snyk file should be next to your manifest file (dependencies file).
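As an added example (not from either answer, nor Snyk's own code), a small Python triage script over a constructed `snyk test --json` report: for each finding it shows the dependency path (direct vs. transitive) and the version to upgrade to, and for findings with no fix yet it renders a `.snyk` ignore stanza that carries a reason and an expiry. The JSON field names (`vulnerabilities`, `from`, `fixedIn`) and the `.snyk` layout are assumed from the Snyk CLI formats; the IDs and package names are placeholders.

```python
import json

# Constructed sample in the shape of `snyk test --json` output. The field names
# follow the Snyk CLI JSON report (assumed); IDs and package names are placeholders.
SAMPLE_REPORT = """{
  "vulnerabilities": [
    {"id": "SNYK-JS-EXAMPLE-0001", "title": "Prototype Pollution", "severity": "high",
     "packageName": "example-util", "version": "4.17.15",
     "from": ["my-react-app@1.0.0", "example-build-tool@5.0.0", "example-util@4.17.15"],
     "fixedIn": ["4.17.21"]},
    {"id": "SNYK-JS-EXAMPLE-0002", "title": "ReDoS", "severity": "medium",
     "packageName": "example-parser", "version": "1.2.0",
     "from": ["my-react-app@1.0.0", "example-parser@1.2.0"],
     "fixedIn": []}
  ]
}"""


def triage(report_json):
    """Split findings into those with a fixed version and those without.
    from[0] is the scanned project itself, so a path of length 2 means the
    vulnerable package is a direct dependency; longer paths are transitive."""
    fixable, unfixable = [], []
    for v in json.loads(report_json).get("vulnerabilities", []):
        entry = {
            "id": v["id"],
            "severity": v["severity"],
            "package": f'{v["packageName"]}@{v["version"]}',
            "direct": len(v["from"]) == 2,
            "path": " > ".join(v["from"][1:]),
            "fixed_in": (v.get("fixedIn") or [None])[0],  # None when no fix exists yet
        }
        (fixable if entry["fixed_in"] else unfixable).append(entry)
    return fixable, unfixable


def ignore_policy(entries, reason, expires):
    """Render a .snyk policy (assumed layout: ignore -> id -> '*' path -> reason/expires)
    for findings without a fix; the reason and expiry keep the ignore reviewable."""
    lines = ["version: v1.25.0", "ignore:"]
    for e in entries:
        lines += [f"  {e['id']}:", "    - '*':", f"        reason: '{reason}'",
                  f"        expires: '{expires}'"]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    fixable, unfixable = triage(SAMPLE_REPORT)
    for e in fixable:
        kind = "direct" if e["direct"] else "transitive"
        print(f"[{e['severity']}] {e['package']} ({kind}: {e['path']}) -> upgrade to {e['fixed_in']}")
    print(ignore_policy(unfixable, "no fixed version yet; tracked in ticket PLACEHOLDER", "2030-01-01T00:00:00.000Z"))
```

Run it against a real report with `snyk test --json > report.json` and feed the file contents to `triage`; the rendered stanza goes into the `.snyk` file next to your package.json.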