
I have pushed a React solution into a DevOps repository and created one pipeline for build and scans.

We are using Snyk scan to scan the solution; here is the YAML code of the Snyk scan:

    scanSnyk: true
    SKFailOnIssues: true
    SkServiceConnection: 'SnykServer'
    SkOrganization: 'F*******-****-****-***-******a'
    SkAdditionalArgs: '--all-projects --detection-depth=6'
    APP360ID: 'S*-****9'

Below are my scan results; how do I resolve the error from the Snyk scan?

Snyk scan results from the agent window:


Answers


  1. Just to be clear, are you asking how to remediate the issues found?
    If so, it's very easy to do in the CLI, where it lets you know in each section when the issue was fixed ("issue was fixed in …"). You can simply update to that package version, re-install in the CLI and the issue will disappear from your list.

    Login or Signup to reply.
  2. The issues shown tell you that you have dependencies that could be vulnerable.
    In this case Snyk shows you the dependency tree, since certain vulnerabilities are not directly in your dependencies but in the dependencies of your dependencies.
    To solve it you can update the version of your dependency as indicated by Snyk. Example: "This issue was fixed in version: 2.0.1"

    When Snyk does not give you a solution, what you can do is temporarily ignore this vulnerability and discuss it with your managers to see how they would address this type of vulnerability.

    I'll leave you the link on how you can ignore some vulnerabilities. I suggest you always add a comment on why you ignore it.
    I remember that the .snyk file should be next to your manifest file (dependencies file).

    Login or Signup to reply.
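As an added example (not part of the answer above or of the original post), here is a minimal `.snyk` policy file of the kind the second answer refers to: one issue is ignored on every dependency path, with the reason and an expiry date recorded so the exception is reviewed rather than forgotten. The issue ID, the dependency path in the comment, the reason text and the date are placeholders and must be replaced with the values printed by the scan; the file has to sit in the same directory as the `package.json` it applies to, and with `--all-projects` each scanned project needs its own copy.

```yaml
# .snyk policy file, placed next to the manifest (package.json) it applies to.
# Added example, not taken from the original post. The issue ID, reason and
# expiry date are placeholders: replace them with the values from your scan.
version: v1.25.0
ignore:
  # Placeholder: use the issue ID printed by `snyk test` (form SNYK-JS-<PKG>-<number>)
  'SNYK-JS-PLACEHOLDER-0000000':
    # '*' ignores the issue on every path it is reached through. A specific path
    # such as 'direct-dep > transitive-dep' (placeholder names) would limit the
    # ignore to that one chain in the dependency tree shown by Snyk.
    - '*':
        reason: 'Placeholder: why the issue is not exploitable here and who approved the exception'
        expires: '2025-01-01T00:00:00.000Z'
```

The same entry can be generated instead of hand-written with `snyk ignore --id=<ISSUE_ID> --reason='<text>' --expiry=<date>`, which writes to the `.snyk` file in the current directory. Because the pipeline sets `SKFailOnIssues: true`, the build keeps failing until every reported issue is either fixed by upgrading to the version Snyk names or ignored this way; once the `expires` date passes, the issue is reported (and fails the build) again, which is the point of dating the exception.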