How Do You Configure Snyk’s Threshold Level in Azure DevOps Pipelines?

Problem scenario
You are troubleshooting a pipeline in Azure DevOps. You look at the task's log output. You see a security-threshold flag in a CLI command with the value of "low", "medium", "high" or "critical" that you think is incorrect or inconsistent with another setting. How do you get the flag to be set to the security threshold level of your choice?

Background
The Snyk command (or commands) that ultimately runs is assembled from various underlying settings, YAML files, or tasks. The setting you choose will filter events at and above that security threshold level. There are different places to configure the threshold (e.g., with custom tasks, variables or multiple Snyk tasks).

Possible solution #1
Look at each Snyk task in your pipeline in the GUI. Does it have a "Testing severity threshold" drop-down? Be sure to check every Snyk task. Make sure the drop-down is set to what you want.

Possible solution #2
Check your pipeline's Variables tab. Maybe a variable is being injected in the composition step of a Snyk command. Is there a variable set to "low", "medium", "high" or "critical"?

Possible solution #3
Look at the YAML files of your Snyk tasks. You may be able to deduce what needs to change.
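
To check all three places at once, the following Python script (an added example, not from the original post or the Snyk project) scans a pipeline YAML file and lists every line that sets a threshold, so conflicting values stand out. It assumes the Snyk task's `severityThreshold` and `additionalArguments` inputs and the CLI's `--severity-threshold` flag; the sample pipeline and the `snykLevel` variable are constructed.

```python
import re

LEVELS = ("low", "medium", "high", "critical")
KEY_VALUE = re.compile(r"^\s*(?:-\s*)?([\w.]+)\s*:\s*['\"]?(.*?)['\"]?\s*$")
CLI_FLAG = re.compile(r"--severity-threshold[=\s]+(\w+)")
MACRO = re.compile(r"^\$\(([\w.]+)\)$")

# Constructed sample pipeline (not from the page); variables in mapping form.
SAMPLE = """\
variables:
  snykLevel: high
steps:
- task: SnykSecurityScan@1
  inputs:
    severityThreshold: 'medium'
- task: SnykSecurityScan@1
  inputs:
    severityThreshold: $(snykLevel)
    additionalArguments: '--severity-threshold=critical'
"""

def norm(value):
    """Lower-case known levels; leave anything else (e.g. a macro) untouched."""
    return value.lower() if value.lower() in LEVELS else value

def find_threshold_settings(yaml_text):
    """Return (line_no, source, value) for every place a threshold is set."""
    found, variables = [], {}
    for no, line in enumerate(yaml_text.splitlines(), 1):
        m = KEY_VALUE.match(line)
        if not m:
            continue
        key, value = m.groups()
        flag = CLI_FLAG.search(value)
        if flag:                          # threshold passed as a raw CLI argument
            found.append((no, "cli-arg", flag.group(1).lower()))
        elif key == "severityThreshold":  # the Snyk task's own input
            ref = MACRO.match(value)
            # An unresolved $(name) is not defined in this file: check the Variables tab.
            value = variables.get(ref.group(1), value) if ref else value
            found.append((no, "task-input", norm(value)))
        elif value.lower() in LEVELS:     # a variable that holds a level
            variables[key] = value
            found.append((no, "variable", value.lower()))
    return found

def distinct_levels(settings):
    """Distinct values in use; more than one means the sources disagree."""
    return sorted({value for _, _, value in settings})
```

For the sample, `find_threshold_settings(SAMPLE)` reports four settings across three different levels, which is the kind of discrepancy the log output would show as an unexpected flag value.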

You may want to view this link for more information:
https://github.com/snyk/snyk-azure-pipelines-task
