Snyk Rules
Developer security platform for finding and fixing vulnerabilities. Scan code, dependencies, containers, and IaC configs.
3 rules
.snyk Ignore Policy Standards
Intermediate
Enforce standards for Snyk ignore entries — every ignored vulnerability must have a documented reason, expiration date, and compensating controls in the .snyk policy file.
globs: **/.snyk
snyk-ignore, policy, risk-acceptance, compliance
License Compliance Policy
Intermediate
Enforce open source license compliance with Snyk — define allowed, restricted, and prohibited licenses across all project dependencies to avoid legal and compliance risk.
globs: **/package.json, **/requirements*.txt, **/go.mod, **/*.gemspec
license-compliance, open-source, legal, gpl
Vulnerability Severity Policy
Beginner
Define organizational severity policies for Snyk findings — CRITICAL/HIGH block deployments, MEDIUM tracked in backlog, LOW logged for awareness with clear SLA timelines.
globs: **/.snyk, **/package.json, **/requirements*.txt
severity-policy, sla, vulnerability-management, triage