Rules to test and monitor your open source (external) dependencies with Snyk
Current support is limited to maven OSS for projects using rules_jvm_external
Support for additional OSS types is forthcoming, in order of priority:
- go modules (rules_go)
- pip (rules_python)
- npm (rules_nodejs)
- others in order of priority
Load the rules into your WORKSPACE to make them available
load("@bazel_tools//tools/build_defs/repo:git.bzl", "git_repository")
git_repository(
name = "rules_snyk",
remote = "https://github.com/snyk-labs/rules_snyk.git",
commit = "1d9bd57",
)
load("@rules_snyk//:repositories.bzl", "rules_snyk_repos")
rules_snyk_repos()
load("@rules_python//python:pip.bzl", "pip_parse")
pip_parse(
name = "snyk_py_deps",
requirements_lock = "@rules_snyk//third_party:requirements.txt",
)
load("@snyk_py_deps//:requirements.bzl", install_snyk_deps = "install_deps")
install_snyk_deps()
Maven example
load("@rules_snyk//:defs.bzl", "snyk_maven")
snyk_maven(
name = "snyk",
target = ":lib",
snyk_organization_id = "<snyk_org_id>"
)
snyk_maven is a macro, such that when the target is built, e.g.
bazel build :lib
Additional targets will automatically be created for Snyk . In this example, those would be
:snyk_test
:snyk_monitor
Invocation
environment variables:
SNYK_TOKENrequired to authenticate to SnykSNYK_ORG_IDnot required if specifyingsnyk_organization_idin theBUILDfile
To test for issues with Snyk
bazel run :snyk_test
To monitor the target in Snyk
bazel run :snyk_monitor
TBD