diff --git a/package.json b/package.json
index e3427df4c54..64740bb2ac5 100644
--- a/package.json
+++ b/package.json
@@ -130,7 +130,7 @@
 "snyk-nodejs-lockfile-parser": "1.35.0",
 "snyk-nuget-plugin": "1.22.0",
 "snyk-php-plugin": "1.9.2",
- "snyk-policy": "1.19.0",
+ "snyk-policy": "1.22.0",
 "snyk-python-plugin": "1.19.11",
 "snyk-resolve": "1.1.0",
 "snyk-resolve-deps": "4.7.2",
diff --git a/packages/snyk-protect/test/fixtures/fix-pr/.snyk b/packages/snyk-protect/test/fixtures/fix-pr/.snyk
index 1556f2684fe..492a3d2b564 100644
--- a/packages/snyk-protect/test/fixtures/fix-pr/.snyk
+++ b/packages/snyk-protect/test/fixtures/fix-pr/.snyk
@@ -1,5 +1,5 @@
 # Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities.
-version: v1.19.0
+version: v1.22.0
 ignore: {}
 # patches apply the minimum changes required to fix a vulnerability
 patch:
diff --git a/packages/snyk-protect/test/fixtures/multiple-matching-paths/.snyk b/packages/snyk-protect/test/fixtures/multiple-matching-paths/.snyk
index b4708a538da..edc336ce425 100644
--- a/packages/snyk-protect/test/fixtures/multiple-matching-paths/.snyk
+++ b/packages/snyk-protect/test/fixtures/multiple-matching-paths/.snyk
@@ -1,5 +1,5 @@
 # Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities.
-version: v1.19.0
+version: v1.22.0
 ignore: {}
 # patches apply the minimum changes required to fix a vulnerability
 patch:
@@ -22,4 +22,3 @@ patch:
 patched: '2021-02-17T13:43:51.857Z'
 - tap > nyc > istanbul-lib-instrument > babel-template > babel-traverse > babel-types > lodash:
 patched: '2021-02-17T13:43:51.857Z'
-
diff --git a/packages/snyk-protect/test/fixtures/no-matching-paths/.snyk b/packages/snyk-protect/test/fixtures/no-matching-paths/.snyk
index b4708a538da..edc336ce425 100644
--- a/packages/snyk-protect/test/fixtures/no-matching-paths/.snyk
+++ b/packages/snyk-protect/test/fixtures/no-matching-paths/.snyk
@@ -1,5 +1,5 @@
 # Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities.
-version: v1.19.0
+version: v1.22.0
 ignore: {}
 # patches apply the minimum changes required to fix a vulnerability
 patch:
@@ -22,4 +22,3 @@ patch:
 patched: '2021-02-17T13:43:51.857Z'
 - tap > nyc > istanbul-lib-instrument > babel-template > babel-traverse > babel-types > lodash:
 patched: '2021-02-17T13:43:51.857Z'
-
diff --git a/packages/snyk-protect/test/fixtures/single-patchable-module/.snyk b/packages/snyk-protect/test/fixtures/single-patchable-module/.snyk
index 647f14d2232..d81fa9436aa 100644
--- a/packages/snyk-protect/test/fixtures/single-patchable-module/.snyk
+++ b/packages/snyk-protect/test/fixtures/single-patchable-module/.snyk
@@ -1,5 +1,5 @@
 # Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities.
-version: v1.19.0
+version: v1.22.0
 ignore: {}
 # patches apply the minimum changes required to fix a vulnerability
 patch:
@@ -22,4 +22,3 @@ patch:
 patched: '2021-02-17T13:43:51.857Z'
 - 'tap > nyc > istanbul-lib-instrument > babel-template > babel-traverse > babel-types > lodash':
 patched: '2021-02-17T13:43:51.857Z'
-
diff --git a/packages/snyk-protect/test/fixtures/target-module-exists-but-no-patches-for-version/.snyk b/packages/snyk-protect/test/fixtures/target-module-exists-but-no-patches-for-version/.snyk
index b4708a538da..edc336ce425 100644
--- a/packages/snyk-protect/test/fixtures/target-module-exists-but-no-patches-for-version/.snyk
+++ b/packages/snyk-protect/test/fixtures/target-module-exists-but-no-patches-for-version/.snyk
@@ -1,5 +1,5 @@
 # Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities.
-version: v1.19.0
+version: v1.22.0
 ignore: {}
 # patches apply the minimum changes required to fix a vulnerability
 patch:
@@ -22,4 +22,3 @@ patch:
 patched: '2021-02-17T13:43:51.857Z'
 - tap > nyc > istanbul-lib-instrument > babel-template > babel-traverse > babel-types > lodash:
 patched: '2021-02-17T13:43:51.857Z'
-
diff --git a/src/cli/commands/test/iac-local-execution/policy.ts b/src/cli/commands/test/iac-local-execution/policy.ts
index 5a0265541df..32cfa53f18a 100644
--- a/src/cli/commands/test/iac-local-execution/policy.ts
+++ b/src/cli/commands/test/iac-local-execution/policy.ts
@@ -8,7 +8,9 @@ export function filterIgnoredIssues(
 if (!policy) {
 return { filteredIssues: results, ignoreCount: 0 };
 }
- const vulns = results.map((res) => policy.filter(toIaCVulnAdapter(res)));
+ const vulns = results.map((res) =>
+ policy.filter(toIaCVulnAdapter(res), undefined, 'exact'),
+ );
 const ignoreCount: number = vulns.reduce(
 (totalIgnored, vuln) => totalIgnored + vuln.filtered.ignore.length,
 0,
@@ -44,10 +46,8 @@ function toIaCVulnAdapter(result: FormattedResult): IacVulnAdapter {
 // splice.
 // Insert the targetFile into the path so that it is taken into account
 // when determining whether an ignore rule should be applied.
- // Insert garbage into the first element because the policy library
- // ignores it.
 const path = [...annotatedResult.cloudConfigPath];
- path.splice(0, 0, 'GARBAGE', result.targetFile);
+ path.splice(0, 0, result.targetFile);
 return {
 id: cloudConfigResult.id,
@@ -73,7 +73,7 @@ function toFormattedResult(adapter: IacVulnAdapter): FormattedResult {
 // including target file context. As that logic changes, so must this.
 const annotatedResult = res as AnnotatedResult;
 const significantPath = [...annotatedResult.cloudConfigPath];
- significantPath.splice(0, 0, 'GARBAGE', original.targetFile);
+ significantPath.splice(0, 0, original.targetFile);
 if (vuln.from.length !== significantPath.length) {
 return false;
diff --git a/src/lib/policy/find-and-load-policy.ts b/src/lib/policy/find-and-load-policy.ts
index 0de740f6c28..c93004fb9a3 100644
--- a/src/lib/policy/find-and-load-policy.ts
+++ b/src/lib/policy/find-and-load-policy.ts
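Review bot: Passing `'exact'` changes which findings an existing `.snyk` ignore silently suppresses, and nothing at the call site records that: the fixture updates in this same commit (`'k8s.yaml'` becoming `'k8s.yaml > *'`) suggest that an IaC ignore written as a bare file path no longer matches under exact matching, so such entries in users' policy files will stop suppressing their issues until they are rewritten. That is the safer direction for a suppression mechanism, since an ignore should not match more than its author wrote, but it deserves a why-comment here and a changelog entry rather than being discoverable only from the fixtures. I would add above the `map`: `// 'exact': the ignore path must match the whole significant path, target file included; a bare 'file.yaml' entry apparently no longer matches and needs the 'file.yaml > *' form.` The `undefined` passed as the second argument (`root`) also merits a short note on why no root is needed here, which I take to be because toIaCVulnAdapter splices the target file into the path itself. filterIgnoredIssues begins before the hunk.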
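Review bot: The splice of `targetFile` onto `cloudConfigPath` is now duplicated between toIaCVulnAdapter (this hunk) and toFormattedResult (the `@@ -73,7 +73,7 @@` hunk), and the comment in the latter already admits the two must change in lockstep; this commit edits both copies identically but leaves the duplication in place. toFormattedResult compares `vuln.from` against the rebuilt path (the length check is visible in the hunk), so any future drift between the two copies would make an ignore either stop matching or be attributed to the wrong file, which is exactly the kind of silent suppression bug this change is trying to remove. I would extract one helper, e.g. `const significantPathOf = (r: AnnotatedResult, targetFile: string): string[] => [targetFile, ...r.cloudConfigPath];` and call it from both sites; the element type of `cloudConfigPath` is not visible here, so adjust the return type to match. Both enclosing functions start and end outside their hunks.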
@@ -51,5 +51,5 @@ export async function findAndLoadPolicy(
 }
 export interface Policy {
- filter(vulns: any): any;
+ filter(vulns: any, root?: string, matchStrategy?: string): any;
 }
diff --git a/test/acceptance/workspaces/npm-package-policy/.snyk b/test/acceptance/workspaces/npm-package-policy/.snyk
index 81bbb06bcfb..712697f552c 100644
--- a/test/acceptance/workspaces/npm-package-policy/.snyk
+++ b/test/acceptance/workspaces/npm-package-policy/.snyk
@@ -1,5 +1,5 @@
 # Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities.
-version: v1.19.0
+version: v1.22.0
 # ignores vulnerabilities until expiry date; change duration by modifying expiry date
 ignore:
 'npm:marked:20170907':
diff --git a/test/acceptance/workspaces/npm-package-policy/custom-location/.snyk b/test/acceptance/workspaces/npm-package-policy/custom-location/.snyk
index af347397f97..5b18918f689 100644
--- a/test/acceptance/workspaces/npm-package-policy/custom-location/.snyk
+++ b/test/acceptance/workspaces/npm-package-policy/custom-location/.snyk
@@ -1,5 +1,5 @@
 # Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities.
-version: v1.19.0
+version: v1.22.0
 # ignores vulnerabilities until expiry date; change duration by modifying expiry date
 ignore:
 'npm:marked:20170907':
diff --git a/test/acceptance/workspaces/npm-with-dep-missing-policy/.snyk b/test/acceptance/workspaces/npm-with-dep-missing-policy/.snyk
index 74dd69b5d77..6e47868fd5e 100644
--- a/test/acceptance/workspaces/npm-with-dep-missing-policy/.snyk
+++ b/test/acceptance/workspaces/npm-with-dep-missing-policy/.snyk
@@ -1,5 +1,5 @@
 # Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities.
-version: v1.19.0
+version: v1.22.0
 ignore: {}
 # patches apply the minimum changes required to fix a vulnerability
 patch:
diff --git a/test/fixtures/protect-lodash-skip/.snyk b/test/fixtures/protect-lodash-skip/.snyk
index 514783394b2..c6cdac88a1e 100644
--- a/test/fixtures/protect-lodash-skip/.snyk
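Review bot: `matchStrategy?: string` accepts any string, so a misspelt strategy at a call site still compiles and presumably falls through to whatever snyk-policy does by default; because the strategy decides which findings an ignore rule suppresses, that is a failure mode worth closing at the type level rather than in a test. A literal union of the strategies snyk-policy actually supports would catch it, and `'exact'` is the one this commit uses, so the line could become `filter(vulns: any, root?: string, matchStrategy?: PolicyMatchStrategy): any;` with `type PolicyMatchStrategy = 'exact' | <other names from the snyk-policy 1.22.0 API, not guessed>;` declared beside the interface. The `vulns: any` parameter and `any` return predate this change, but since the only call site on this page reads `vuln.filtered.ignore.length`, this is the natural moment to give the result at least that shape. A TSDoc line on what `root` and `matchStrategy` mean would also help, as this interface is the only place callers see them.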
+++ b/test/fixtures/protect-lodash-skip/.snyk
@@ -1,5 +1,5 @@
 # Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities.
-version: v1.19.0
+version: v1.22.0
 ignore: {}
 # patches apply the minimum changes required to fix a vulnerability
diff --git a/test/fixtures/protect-semver/.snyk b/test/fixtures/protect-semver/.snyk
index be7f00be76e..7e92d85d4f6 100644
--- a/test/fixtures/protect-semver/.snyk
+++ b/test/fixtures/protect-semver/.snyk
@@ -1,5 +1,5 @@
 # Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities.
-version: v1.19.0
+version: v1.22.0
 ignore: {}
 # patches apply the minimum changes required to fix a vulnerability
 patch:
diff --git a/test/jest/unit/iac-unit-tests/fixtures/policy-ignore-file-path-non-matching.yml b/test/jest/unit/iac-unit-tests/fixtures/policy-ignore-file-path-non-matching.yml
index 90ec95ab1de..63d216ce877 100644
--- a/test/jest/unit/iac-unit-tests/fixtures/policy-ignore-file-path-non-matching.yml
+++ b/test/jest/unit/iac-unit-tests/fixtures/policy-ignore-file-path-non-matching.yml
@@ -3,7 +3,7 @@ version: v1.19.0
 # ignores vulnerabilities until expiry date; change duration by modifying expiry date
 ignore:
 SNYK-CC-K8S-1:
- - 'wrong.yaml':
+ - 'wrong.yaml > *':
 reason: None Given
 created: 2021-07-26T13:09:08.459Z
 patch: {}
diff --git a/test/jest/unit/iac-unit-tests/fixtures/policy-ignore-file-path-wrong-dir.yml b/test/jest/unit/iac-unit-tests/fixtures/policy-ignore-file-path-wrong-dir.yml
new file mode 100644
index 00000000000..712488aabeb
--- /dev/null
+++ b/test/jest/unit/iac-unit-tests/fixtures/policy-ignore-file-path-wrong-dir.yml
@@ -0,0 +1,9 @@
+# Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities.
+version: v1.19.0
+# ignores vulnerabilities until expiry date; change duration by modifying expiry date
+ignore:
+ SNYK-CC-K8S-1:
+ - 'wrong/k8s.yaml > [DocId: 0] > input > spec > template > spec > containers[web] > securityContext > privileged':
+ reason: None Given
+ created: 2021-07-26T13:09:08.459Z
+patch: {}
diff --git a/test/jest/unit/iac-unit-tests/fixtures/policy-ignore-file-path.yml b/test/jest/unit/iac-unit-tests/fixtures/policy-ignore-file-path.yml
index 6049b003f26..425210fe878 100644
--- a/test/jest/unit/iac-unit-tests/fixtures/policy-ignore-file-path.yml
+++ b/test/jest/unit/iac-unit-tests/fixtures/policy-ignore-file-path.yml
@@ -3,7 +3,7 @@ version: v1.19.0
 # ignores vulnerabilities until expiry date; change duration by modifying expiry date
 ignore:
 SNYK-CC-K8S-1:
- - 'k8s.yaml':
+ - 'k8s.yaml > *':
 reason: None Given
 created: 2021-07-26T13:09:08.459Z
 patch: {}
diff --git a/test/jest/unit/iac-unit-tests/policy.spec.ts b/test/jest/unit/iac-unit-tests/policy.spec.ts
index aec6cf8a00d..55209af5e1d 100644
--- a/test/jest/unit/iac-unit-tests/policy.spec.ts
+++ b/test/jest/unit/iac-unit-tests/policy.spec.ts
@@ -115,6 +115,14 @@ describe('filtering ignored issues', () => {
 expect(ignoreCount).toEqual(1);
 });
+ it('filters no issues when path is file path in the wrong directory', async () => {
+ const { fixture, filtered, ignoreCount } = await filterFixture(
+ 'policy-ignore-file-path-wrong-dir.yml',
+ );
+ expect(filtered).toEqual(fixture);
+ expect(ignoreCount).toEqual(0);
+ });
+
 it('filters no issues when path is non-matching file path', async () => {
 const { fixture, filtered, ignoreCount } = await filterFixture(
 'policy-ignore-file-path-non-matching.yml',