cfpb / consumerfinance.gov

Django project protecting American consumers
https://www.consumerfinance.gov/
Creative Commons Zero v1.0 Universal

Document snyk usage #3576

Open anselmbradford opened 6 years ago

anselmbradford commented 6 years ago

Current behavior

Expected behavior

anselmbradford commented 6 years ago

@ascott1 Since we're trialling snyk.io accounts, is having a command in the project necessary?

ascott1 commented 6 years ago

> Since we're trialling snyk.io accounts, is having a command in the project necessary?

I'd lean towards no, assuming we have a process for monitoring/resolving snyk alerts.

saracope commented 5 years ago

Is this still an issue you want help on? Wasn't sure based on the conversation above. Thanks!

anselmbradford commented 5 years ago

Hi @saracope,

We could use a section in above https://cfpb.github.io/consumerfinance.gov/other-front-end-testing/#performance-testing for "Security testing" that lists running yarn test (formerly npm test) to run the snyk tests. We also have https://github.com/cfpb/cfgov-refresh/issues/2303, but looks like I ran into issues there.