CircleCI-Public / circleci-cli

Use CircleCI from the command line
https://circleci-public.github.io/circleci-cli/
MIT License

Add Snyk scanning & monitoring #974

Closed ryan-wren closed 11 months ago

ryan-wren commented 11 months ago

Checklist
=========

Internal Checklist

Changes
=======

Rationale
=========

The Snyk scans should only create a snapshot during CI when the changes are on the main branch.

Considerations
==============

Why you made some of the technical decisions that you made, especially if the reasoning is not immediately obvious

Screenshots
===========

Before

Image or gif

After

Image or gif where change can be clearly seen

Here are some helpful tips you can follow when submitting a pull request:

  1. Fork the repository and create your branch from main.
  2. Run make build in the repository root.
  3. If you've fixed a bug or added code that should be tested, add tests!
  4. Ensure the test suite passes (make test).
  5. The --debug flag is often helpful for debugging HTTP client requests and responses.
  6. Format your code with gofmt.
  7. Make sure your code lints (make lint). Note: This requires Docker to run inside a local job.

vallieres commented 11 months ago

For testing purposes, I would switch the condition around the branch, to run a snyk monitor, and then go here: https://app.snyk.io/org/circleci-public/projects?groupBy=targets&searchQuery=circleci-cli&sortBy=highest+severity&filters%5BShow%5D=&filters%5BIntegrations%5D=&before&after and delete the newly created projects.

This way you can test it without merging to main.
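The following CircleCI configuration is an added illustration of the behaviour described in the PR rationale (scan every branch, but only record a Snyk monitor snapshot from main) and of the testing approach suggested in the comment above. It is not the diff from this PR or the project's own `.circleci/config.yml`; the Docker image tag, the job and command names, the use of the plain Snyk CLI rather than the Snyk orb, and the `SNYK_TOKEN` variable name are assumptions.

```yaml
version: 2.1

# Shared executor. The cimg/go tag with the -node variant (for npm) is an assumption.
executors:
  go:
    docker:
      - image: cimg/go:1.21-node

commands:
  install-snyk:
    steps:
      - run:
          name: Install Snyk CLI
          command: npm install -g snyk

jobs:
  # Runs on every branch: fails the build on high/critical issues in the
  # dependency tree, but does NOT record a project snapshot in the Snyk UI.
  snyk-test:
    executor: go
    steps:
      - checkout
      - install-snyk
      - run:
          name: snyk test
          # SNYK_TOKEN is expected from a CircleCI context or project env var.
          command: snyk test --severity-threshold=high

  # Runs only on main (enforced by the workflow filter below): records a
  # snapshot so Snyk keeps monitoring the dependencies of the merged code.
  snyk-monitor:
    executor: go
    steps:
      - checkout
      - install-snyk
      - run:
          name: snyk monitor
          command: snyk monitor --project-name=circleci-cli

workflows:
  security-scan:
    jobs:
      - snyk-test
      - snyk-monitor:
          # The branch gate. To exercise the monitor job from a feature branch
          # without merging, temporarily switch `only` to `ignore` (the
          # inversion suggested in the thread), then delete the resulting
          # project in the Snyk UI and restore the filter before merging.
          filters:
            branches:
              only: main
```

Separating `snyk test` from `snyk monitor` into two jobs keeps the gate declarative: the branch filter is the only place the "main branch" condition lives, so a reviewer can see at a glance which branches will create Snyk projects, and a temporary inversion for testing is a one-word change that is easy to spot and revert.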

ryan-wren commented 11 months ago

Messed up during git rebase 🤦🏾‍♂️ . I'll open a new PR with these changes.

ryan-wren commented 11 months ago

Closing this PR in favor of https://github.com/CircleCI-Public/circleci-cli/pull/978