vulnlog suppress

Generates suppression files for SCA scanners. These files contain vulnerability identifiers that instruct the scanner to exclude the corresponding findings.

vulnlog suppress <file> [flags]

Flag Description

Flag	Description
`-o, --output <path>`	Output directory, or `-` to write to stdout. Defaults to current directory.
`--reporter <value>`	Filter on reporter.
`--release <text>`	Filter on release, include all releases up to and including that release.
`--tag <text>`	Filter on tags. Use multiple times to filter on multiple tags.
`-`	Use as the file argument to read from STDIN.

-o, --output <path>

Output directory, or - to write to stdout. Defaults to current directory.

--reporter <value>

Filter on reporter.

--release <text>

Filter on release, include all releases up to and including that release.

--tag <text>

Filter on tags. Use multiple times to filter on multiple tags.

-

Use as the file argument to read from STDIN.

Create suppression files for all reporters

vulnlog suppress full-example.vl.yaml
Suppression file created at: /path/to/.snyk
Suppression file created at: /path/to/.trivyignore.yaml

Create suppression for releases up to and including 8.1.1 and reporter snyk

vulnlog suppress full-example.vl.yaml --release 8.1.1 --reporter snyk
Suppression file created at: /path/to/.snyk

Read from STDIN and write to STDOUT.

vulnlog suppress --reporter trivy - -o - < full-example.vl.yaml > .myTrivy

Writing to stdout with -o - requires --reporter to select a single reporter. Multiple suppression files cannot be written to stdout simultaneously.

Output Examples

Generated Snyk suppression file

---
ignore:
  SNYK-JAVA-TOOLSJACKSONCORE-15907550:
  - '*':
      reason: The affected `StreamReadConstraints` is not used in the application.

Generated Trivy suppression file

---
vulnerabilities:
- id: GHSA-2m67-wjpj-xhg9
  statement: The affected `StreamReadConstraints` is not used in the application.