Configuring Security Policies
Snyk enables organizations to define and enforce security policies across all container images:

    # .snyk policy file
    version: v1.0.0
    ignore:
      SNYK-JS-LODASH-567746:
        - '*':
            reason: This vulnerability doesn't affect our usage
            expires: '2024-12-31T23:59:59.999Z'
    patch: {}

Organization-wide policy (set via Snyk UI or API):

    {
      "name": "Container Security Policy",
      "description": "Minimum security standards for production containers",
      "enabled": true,
      "rules": [
        {
          "name": "Block critical vulnerabilities",
          "enabled": true,
          "severity": "critical",
          "action": "block"
        },
        {
          "name": "Warn on high vulnerabilities",
          "enabled": true,
          "severity": "high",
          "action": "warn"
        },
        {
          "name": "Require base image updates",
          "enabled": true,
          "type": "base-image-out-of-date",
          "action": "block"
        }
      ]
    }
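
The sketch below is an added example, not Snyk's own code: it shows how the ignore entry's expires date interacts with the organization rules above, so a suppressed finding starts failing the gate again once the ignore lapses. The evaluate and is_ignored helpers, the "block"/"warn" semantics, the finding severities and the EXAMPLE-VULN-0001 id are assumptions made for the illustration.

```python
import json
from datetime import datetime, timezone

# Rules and ignore entry copied from the page. The .snyk ignore is written as a
# dict so no YAML library is needed. "block"/"warn" semantics are assumed here.
POLICY = json.loads("""{"enabled": true, "rules": [
  {"name": "Block critical vulnerabilities", "enabled": true, "severity": "critical", "action": "block"},
  {"name": "Warn on high vulnerabilities", "enabled": true, "severity": "high", "action": "warn"},
  {"name": "Require base image updates", "enabled": true, "type": "base-image-out-of-date", "action": "block"}
]}""")
IGNORES = {"SNYK-JS-LODASH-567746": [{"*": {
    "reason": "This vulnerability doesn't affect our usage",
    "expires": "2024-12-31T23:59:59.999Z"}}]}
# Constructed scan result: severities and the second id are made up for the demo.
FINDINGS = [{"id": "SNYK-JS-LODASH-567746", "severity": "critical"},
            {"id": "EXAMPLE-VULN-0001", "severity": "high"}]


def is_ignored(vuln_id, now, ignores=IGNORES):
    """True while at least one ignore entry for vuln_id has not expired."""
    for entry in ignores.get(vuln_id, []):
        for meta in entry.values():
            expires = meta.get("expires")
            if expires is None:  # no expiry: the ignore never lapses
                return True
            limit = datetime.strptime(expires, "%Y-%m-%dT%H:%M:%S.%fZ")
            if now < limit.replace(tzinfo=timezone.utc):
                return True
    return False


def evaluate(findings, base_image_outdated, now, policy=POLICY):
    """Return (verdict, messages); verdict is 'block', 'warn' or 'pass'."""
    if not policy.get("enabled"):
        return "pass", []
    active = [f for f in findings if not is_ignored(f["id"], now)]
    verdict, messages = "pass", []
    for rule in policy["rules"]:
        if not rule.get("enabled"):
            continue
        if rule.get("type") == "base-image-out-of-date":
            hits = ["base image"] if base_image_outdated else []
        else:
            hits = [f["id"] for f in active if f["severity"] == rule["severity"]]
        if hits:
            messages.append(f'{rule["action"]}: {rule["name"]} ({", ".join(hits)})')
            if rule["action"] == "block" or verdict == "pass":
                verdict = rule["action"]
    return verdict, messages
```

Evaluated with a date before the expiry, the constructed findings produce a warning only; with a date after it, the same findings produce a block.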