Snyk Code: Issue management with Consistent Ignores
Ignoring issues with the Consistent Ignore methodology for Snyk Code results
"Consistent Ignores", available to all Snyk users, is the new methodology for ignoring issues; from a workflow perspective it replaces the previous capabilities and methodologies. Starting June 19, 2025, this feature is enabled by default for all new customers for Snyk Code. Note that some capabilities, including the API and Groups, are available to Snyk Enterprise Plan customers only.
Snyk takes pride in low false positives; however, these can still happen, as can situations where a vulnerability is mitigated or the application is not even deployed, so that the reported issues amount to noise.
Snyk Code Consistent Ignores enables your security teams to prioritize triaging and driving the remediation of real issues, and lets developers ship code without interruption from noise!
The new experience:
- Empowers the team to focus on what matters
- Filters out false positives, accepted risks and inapplicable threats
- Provides a consistent experience across the SDLC (integrations, branches, and so on)
Differentiating the new and old methodologies
The new approach allows the security team or designees on the development team to set an ignore using the Web UI or API, which will be applied across Snyk Projects and throughout the SDLC, and respected across integrations and branches.
The previous methodology was focused on a specific instance of an issue within a Snyk project. Ignores were not consistently available in local testing using the IDE or CLI, or in security gate checks like PR checks or CI/CD tests.
The initial feature set is aligned with Snyk Code, with the intention of bringing the features to more Snyk products (scan types) at a later time. Ignores can be created:
- Tactically - on the Web UI, while you are looking at an issue
- Broadly - with Snyk Code Security Policies
- Using the API
Ignores are persisted across branches, such as feature, developer, and default branches within a repository, and across all Snyk integrations, so that if you ignore an issue in the Web UI, for example, you would see the issue ignored in your IDE, in scans of your Git repository (SCM), and in other integrations where scanning takes place.
Snyk Enterprise Customers
To change the setting for Consistent Ignores, someone with the appropriate administrator privileges navigates to your Group settings and, on the General tab, chooses the Ignores option, which controls how policies are applied to Organizations within the group.
Snyk Free and Team plan users
Enabled by default for all new users, this setting can be found by navigating to the Organization settings and, on the General tab, locating the Ignores section to enable it.
The following sections will discuss how to create ignores, how they are applied, and integration-specific information.
SCM
Creating an ignore for a result from a monitored Git repository (SCM), such as GitHub, is a way to ignore a specific issue across all test surfaces. For example, if you ignore a specific prototype pollution vulnerability for a monitored repository like JuiceShop, all findings on that vulnerability path for that repository will be ignored across all integrations and surfaces, such as the CLI, IDE, pull request checks, and Fix PR generation, just to name a few. In later sections of this lesson, we will discuss important considerations for associating the Organization, so that ignores are successfully linked to what is created against the monitored project.
Video: 4m35s
In the following presentation you will learn
- How to create an ignore from monitored SCM results
- Different types of ignores
- Scope of ignores (across all branches, across all test surfaces, and all integrations)
- How to filter and edit ignores, and why some can't be edited from this screen (Spoiler: because those ignored issues are Policy-based)
Policies
Ignore policies provide a mechanism to apply a broad brush for vulnerabilities where you see consistent trends. In this section, you will learn about Snyk Code Security Policies, which are available to Snyk Enterprise customers.
If you find that you are frequently ignoring many issues of a given type in a specific Project, you may decide that creating a broader policy is the right approach. Generally, it's recommended to start with specific ignores first, before moving to policies after you've identified common themes.
While this presentation demonstrates ignoring by CWE, you can also do so by rule ID, such as javascript/XSS. Finding the rule ID value is covered later in the "CLI Considerations" section.
Video: 4m30s
In the following presentation you will learn
- How to create a policy
- Policies are very broad (CWE)
API
The API, available to Enterprise customers, allows you to manage individual ignore rules at scale.
In the following IDE and CLI consideration presentations, you will learn how to extract the ID for referencing ignores. This ID is referenced in the snyk/asset/finding/v1 fingerprint for a vulnerability, found in both the --json and --sarif data.
For more information on how to use the API for Consistent ignores, please refer to the Snyk documentation.
How Ignores are applied across integrations and additional considerations
In this section we'll cover
- How to ensure policy or rules apply
- Special considerations
- If you see an issue in those integrations, how to obtain the information needed to create the ignore. As an example, what if you have new code you're writing that is not yet found in the monitored code, and you want to request that the security team ignore it?
It's important to emphasize that in the CLI, as on every other surface, ignored issues are hidden by default to reduce noise and drive focus. This is all the more important on the test surfaces used by developers themselves, such as an IDE, the CLI, PR checks and, if implemented, pipeline checks that can fail the build.
CLI considerations
The CLI can be used locally or as part of a pipeline integration for CI/CD. It's important that when scanning the Project, Snyk knows which Organization to associate the Project with, especially for applying ignore policies. Service accounts are implicitly associated, but if you are using the CLI locally, authorized with a personal account token, it's good practice to include the --org= option when running snyk code test.
Ignore policies and specific ignores are automatically applied to the CLI terminal output and when determining whether the test command returns a pass/fail value.
Searching the JSON and SARIF outputs for the fingerprint of the vulnerability using snyk/asset/finding/v1 is discussed in the following video; you can also search for the rule ID, for broadly ignoring an issue type by policy.
It's also very useful to know that you can choose to display ignored issues, and why they were ignored, in the CLI terminal output. Add --include-ignores to the snyk code test command to display ignored issues in the terminal output.
Video: 4m40s
In the following presentation, you will learn how to associate the Organization ID with the scan you are configuring
- Refer to "Set organization ID" in the "Essential configuration" section of Snyk Learn's IDE course
- What happens if the Organization ID is not associated with the scan
- How the user can retrieve an issue ID for requesting an ignore be created
- Specifically looking for "snyk/asset/finding/v1" in JSON and SARIF
IDE Considerations
The IDE is one of the most important test surfaces that Consistent Ignores has been built for, to drive reduction in noise and increase focus on what matters across integrations and branches.
An important reminder with setting the Organization:
- You can find the Organization IDs for the repositories you have access to by navigating to your instance of Snyk, navigating to the Organization you are working in, and clicking Settings.
- Alternatively, you can set your default Organization in your profile settings in the web interface.
- For more information or a walkthrough, see Using Snyk in an IDE, specifically the "Essential Configuration" and Organization-related sub-topics.
Video: 4m05s
In the following presentation you will learn
- How to set the Organization ID
- How ignores are created and reflected in the IDE
- That legacy customers still have access to the prior ignore method, but it is disabled by default for new customers.
- How to retrieve the ID of an issue so that you can request that an ignore be created.
Customers who see the legacy ignore buttons and want them disabled can contact their Snyk account team or Snyk support to have them disabled.
By default, ignored issues are suppressed in reporting. Snyk's goal is to reduce noise and assist users in focusing on what matters; however, it's also important to be able to review what was ignored and sometimes even unignore an issue or remove a policy that's been created. Sometimes an audit is even required!
Fret not, though: project interfaces, reports, issue interfaces, and even the CLI can easily be set to show ignored issues.
Project screen for Code Analysis
For the purposes of sharing and discussing vulnerabilities in the web interface, it's also worth noting there is a link that can be shared, with those that have access, next to the title of the vulnerability.
You can view all issues, or only ignored issues by checking the appropriate box on the side panel, or unchecking a box.
In addition, you can edit and unignore issues here, if they were not ignored by policy, if you have the correct permissions.
Report and Issue interfaces
The report and issue interfaces provide the means to hide or audit ignores through the Status field.
CLI
While the standard output reduces noise by not displaying ignored issues, you can review ignored issues in the CLI by adding --include-ignores in the snyk code test command, or by adding --json or --sarif to review the structured output in those formats. See the --json output and look for the issue with an associated ignoredon or ignoredby in the output, or look for the snyk/asset/finding/v1 entry for a specific issue that you know was ignored, which will have those fields.
It is important to note that the snyk-to-html plugin currently shows all issues, regardless of ignore status.
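The "CLI considerations" and "CLI" sections above both describe searching the --json / --sarif output for the snyk/asset/finding/v1 fingerprint and for ignoredon / ignoredby fields. The following script, an added example rather than Snyk's own code, does that search over a SARIF document so a developer can list fingerprints to request ignores for and a security team can audit which findings are suppressed. It assumes the standard SARIF layout (runs → results, a fingerprints map, optional suppressions); the exact nesting of the ignoredon / ignoredby keys in Snyk's output is an assumption, so the lookup is recursive and case-insensitive. The embedded sample is constructed, not real Snyk output.

```python
"""List Snyk Code findings with their fingerprint and ignore status (added example)."""
import json
import sys

FINGERPRINT_KEY = "snyk/asset/finding/v1"   # fingerprint name named in the lesson
IGNORE_MARKERS = {"ignoredon", "ignoredby"}  # field names named in the lesson


def has_ignore_marker(node):
    """True if an ignoredon/ignoredby key appears anywhere under node (nesting is an assumption)."""
    if isinstance(node, dict):
        return any(k.lower() in IGNORE_MARKERS or has_ignore_marker(v) for k, v in node.items())
    if isinstance(node, list):
        return any(has_ignore_marker(item) for item in node)
    return False


def summarize_findings(sarif):
    """Return one record per SARIF result: rule, fingerprint, location, and whether it is ignored."""
    findings = []
    for run in sarif.get("runs", []):
        for result in run.get("results", []):
            loc = (result.get("locations") or [{}])[0].get("physicalLocation", {})
            # Standard SARIF marks suppressed results with a non-empty "suppressions" list;
            # the ignoredon/ignoredby search covers Snyk-specific fields wherever they sit.
            ignored = bool(result.get("suppressions")) or has_ignore_marker(result)
            findings.append({
                "rule_id": result.get("ruleId"),
                "fingerprint": result.get("fingerprints", {}).get(FINGERPRINT_KEY),
                "file": loc.get("artifactLocation", {}).get("uri"),
                "line": loc.get("region", {}).get("startLine"),
                "ignored": ignored,
            })
    return findings


# Constructed sample in SARIF shape; fingerprint values and paths are placeholders.
SAMPLE_SARIF = {"runs": [{"results": [
    {"ruleId": "javascript/XSS", "fingerprints": {FINGERPRINT_KEY: "fp-placeholder-1"},
     "locations": [{"physicalLocation": {"artifactLocation": {"uri": "routes/search.js"},
                                         "region": {"startLine": 12}}}]},
    {"ruleId": "javascript/PrototypePollution", "fingerprints": {FINGERPRINT_KEY: "fp-placeholder-2"},
     "locations": [{"physicalLocation": {"artifactLocation": {"uri": "lib/merge.js"},
                                         "region": {"startLine": 40}}}],
     "suppressions": [{"kind": "external", "properties": {"ignoredOn": "2025-06-19",
                                                          "ignoredBy": {"name": "security-team"}}}]},
]}]}

if __name__ == "__main__":
    # Usage: python snyk_ignores.py results.sarif   (falls back to the sample when no file is given)
    sarif = json.load(open(sys.argv[1])) if len(sys.argv) > 1 else SAMPLE_SARIF
    for f in summarize_findings(sarif):
        status = "IGNORED" if f["ignored"] else "open"
        print(f'{status:8} {f["rule_id"]:35} {f["file"]}:{f["line"]}  {f["fingerprint"]}')
```

Run it against the file written by snyk code test --sarif --include-ignores to get the fingerprint to quote when requesting an ignore, or to list which findings are currently suppressed.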
API
Snyk Enterprise customers have access to the API for testing, management, and reporting. For more information on using the Snyk API to manage ignores programmatically and at scale, see the overview: Consistent Ignores with Snyk API
Reviewing Ignore Policies
- Navigate to Policies and Snyk Code Security Policies at the Group level. For more information, see the "Policies" content above.
- API - See the overview of Consistent Ignores with the Snyk API.
The new experience replaces the previous methodology. Ignores created under the original methodology can be converted to the new methodology using the UI or at scale using the API. The following image demonstrates the Ignore across repository button that converts the ignore that was previously scoped to this individual project to an ignore that is applied throughout the repository, across branches and integrations.
If you are an existing customer with many ignores that you have already created, and want to migrate the ignores at scale, see: Convert Project-scoped ignores to asset-scoped ignores for options for bulk conversion in the Projects UI or using the API.