provide binaries for snyk-filter #79

Open
scott-es opened this issue Aug 26, 2021 · 1 comment

Comments

@scott-es (Contributor)

package snyk-filter executable to the release assets section, as it is being done with other tools

@cpolzer commented Nov 25, 2022

Hey Scotte,

Also, please think about including this in the basic snyk images. The biggest use case probably is to use it in CI pipelines.
And there, the needed NPM install becomes a problem in case deprecated dependencies, for example, are somehow a problem, or globally installing npm packages on build agents.

Edit: thinking about that, it would be super nice if the Azure DevOps extension would include installing the snyk-filters.

Why I have an interest in this:
The problem is with the "snyk test" threshold, that it also filters out findings below that threshold. At least last time I checked with the azure devops extension.

I just implemented it as an Azure DevOps Pipeline Template, completely without JavaScript:

```yaml
parameters:
- name: snyk_filter_config
  type: string
  default: '.snyk-filter/snyk.yml'
- name: snyk_report_json
  type: string
  default: '$(Agent.TempDirectory)/vuln-$(Build.BuildId).json'

steps:
- task: PythonScript@0
  displayName: "👹 Vulnerability build breaker"
  inputs:
    scriptSource: 'inline'
    script: |
        import subprocess
        import sys

        import yaml

        # Load the snyk-filter style config; customFilters carries the jq
        # "filter" and "pass" expressions plus the failure "msg".
        with open('${{ parameters.snyk_filter_config }}') as file:
            filter_config = yaml.load(file, Loader=yaml.FullLoader)

        custom_filters = filter_config["customFilters"]

        # Compose the jq program from the configured filter and pass expressions.
        # The report path is handed to jq as an argument instead of piping
        # `cat` through a shell, so no shell string is built from config values.
        jq_program = "%s | %s" % (custom_filters["filter"], custom_filters["pass"])
        print("##[info]", "Compiled jq program is: ", jq_program)

        result = subprocess.run(
            ["jq", jq_program, "${{ parameters.snyk_report_json }}"],
            capture_output=True, text=True,
        )
        if result.returncode != 0:
            # A broken filter or missing report must fail loudly, not pass silently.
            print("##vso[task.logissue type=error]", "jq failed: ", result.stderr.strip())
            sys.exit(1)

        # The pass expression is expected to yield a single number (e.g. `length`).
        count_filtered = int(result.stdout.strip())

        if count_filtered > 0:
            print("##vso[task.logissue type=error]", custom_filters["msg"])
            print("##vso[task.complete result=Failed;]", custom_filters["msg"])
    failOnStderr: true
```
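The build-breaker logic of the template above, as an added stand-alone example that is not part of this issue or of the snyk-filter project: it reads a Snyk JSON report, lists every finding (so nothing is hidden by a severity threshold, which is the problem described in the comment), and fails only on the findings matching a custom filter. The report below is a constructed sample in the shape of `snyk test --json` output, not real scan data; the `CUSTOM_FILTER` dict is a hypothetical stand-in for the `customFilters` config, with the jq expressions replaced by Python-native criteria so the script runs without jq or PyYAML.

```python
import json

# Constructed sample in the shape of a `snyk test --json` report (not output of a real scan).
SAMPLE_REPORT = json.loads("""
{
  "ok": false,
  "vulnerabilities": [
    {"id": "SNYK-EXAMPLE-1", "title": "Prototype Pollution", "severity": "high",
     "packageName": "lodash", "version": "4.17.15", "isUpgradable": true, "isPatchable": false},
    {"id": "SNYK-EXAMPLE-2", "title": "Regular Expression Denial of Service", "severity": "medium",
     "packageName": "minimatch", "version": "3.0.3", "isUpgradable": true, "isPatchable": false},
    {"id": "SNYK-EXAMPLE-3", "title": "Information Exposure", "severity": "low",
     "packageName": "debug", "version": "2.6.8", "isUpgradable": false, "isPatchable": false},
    {"id": "SNYK-EXAMPLE-4", "title": "Arbitrary Code Execution", "severity": "critical",
     "packageName": "serialize-javascript", "version": "2.1.0", "isUpgradable": false, "isPatchable": false}
  ]
}
""")

# Hypothetical filter config. It mirrors the customFilters / msg shape used in the
# pipeline template, but the jq expressions are replaced by Python-native criteria.
CUSTOM_FILTER = {
    "severities": {"high", "critical"},  # severities that may break the build
    "require_fix": True,                 # only break on findings with an upgrade or patch
    "msg": "Fixable high/critical vulnerabilities found; failing the build",
}


def is_fixable(vuln):
    """Snyk marks a finding fixable when an upgrade or a patch is available."""
    return bool(vuln.get("isUpgradable") or vuln.get("isPatchable"))


def summarize(report):
    """Every finding, regardless of severity: the report itself is never thresholded away."""
    return [
        (v["id"], v["severity"], v["packageName"], v["version"], is_fixable(v))
        for v in report.get("vulnerabilities", [])
    ]


def select_breaking(report, custom_filter):
    """Apply the build-breaking criteria; equivalent to a jq select() over .vulnerabilities[]."""
    selected = []
    for v in report.get("vulnerabilities", []):
        if v.get("severity") not in custom_filter["severities"]:
            continue
        if custom_filter.get("require_fix") and not is_fixable(v):
            continue
        selected.append(v)
    return selected


def evaluate(report, custom_filter):
    """Return the Azure DevOps logging commands the step would print, plus the verdict."""
    findings = summarize(report)
    lines = ["##[info] %d finding(s) in report (all severities)" % len(findings)]
    for vid, sev, pkg, ver, fix in findings:
        lines.append("##[info] %s %s %s@%s fixable=%s" % (sev, vid, pkg, ver, fix))
    breaking = select_breaking(report, custom_filter)
    failed = len(breaking) > 0
    if failed:
        lines.append("##vso[task.logissue type=error]%s" % custom_filter["msg"])
        lines.append("##vso[task.complete result=Failed;]%s" % custom_filter["msg"])
    return {"count": len(breaking), "failed": failed, "log": lines}


if __name__ == "__main__":
    verdict = evaluate(SAMPLE_REPORT, CUSTOM_FILTER)
    print("\n".join(verdict["log"]))
    raise SystemExit(1 if verdict["failed"] else 0)
```

With the sample data only the lodash finding is both high severity and fixable, so the verdict is one breaking finding and a failed build, while all four findings still appear in the log; setting `require_fix` to `False` also counts the unfixable critical finding.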
