devops-kung-fu / bomber

Scans Software Bill of Materials (SBOMs) for security vulnerabilities
https://devops-kung-fu.github.io/bomber/
Mozilla Public License 2.0

Make Snyk API URL configurable #215

Open moxli opened 7 months ago

moxli commented 7 months ago

I am trying to use bomber with Snyk and get the following error:

/ Fetching vulnerability data from snyk■ could not infer user’s Snyk organization: unable to retrieve org ID (status: 401 Unauthorized)

This is due to the fact that Snyk provides regional hosting in the EU and Australia, with each region having its own API endpoints. In this case I am using an API token for an EU-based account.

API URLs

Follow the docs as usual, but base URLs are:

EU

API v1: https://api.eu.snyk.io/v1/
REST API: https://api.eu.snyk.io/rest/

AU

API v1: https://api.au.snyk.io/v1/
REST API: https://api.au.snyk.io/rest/

Source: https://docs.snyk.io/working-with-snyk/regional-hosting-and-data-residency#api-urls

mcombuechen commented 2 days ago

Just opened a PR for this here: #268
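
One way the requested setting could be resolved and validated before the API token is sent to it, as an added example that is not bomber's code or the code in the linked PR. The function name, the environment variable names and the region short codes are hypothetical; the EU and AU base URLs are the ones quoted in the issue, and the default entry is Snyk's standard endpoint.

```go
package main

import (
	"fmt"
	"net/url"
	"os"
	"strings"
)

// REST base URLs per region. "eu" and "au" are quoted in the issue;
// the empty key is the default (non-regional) Snyk endpoint.
var snykRegions = map[string]string{
	"":   "https://api.snyk.io/rest/",
	"eu": "https://api.eu.snyk.io/rest/",
	"au": "https://api.au.snyk.io/rest/",
}

// ResolveSnykBaseURL (hypothetical helper) returns the base URL to call.
// A full override URL wins over the region short code.
func ResolveSnykBaseURL(override, region string) (string, error) {
	raw := override
	if raw == "" {
		known, ok := snykRegions[strings.ToLower(strings.TrimSpace(region))]
		if !ok {
			return "", fmt.Errorf("unknown Snyk region %q", region)
		}
		raw = known
	}
	u, err := url.Parse(raw)
	if err != nil {
		return "", fmt.Errorf("invalid Snyk API URL: %w", err)
	}
	// The API token is sent with every request, so refuse plaintext
	// transport, host-less values and URLs with embedded credentials.
	if u.Scheme != "https" || u.Host == "" || u.User != nil {
		return "", fmt.Errorf("refusing Snyk API URL %q: need https, a host and no userinfo", raw)
	}
	u.RawQuery, u.Fragment = "", ""
	if !strings.HasSuffix(u.Path, "/") {
		u.Path += "/" // normalise so endpoint paths can be appended directly
	}
	return u.String(), nil
}

func main() {
	// Hypothetical variable names; neither is a documented bomber setting.
	base, err := ResolveSnykBaseURL(os.Getenv("BOMBER_SNYK_API_URL"), os.Getenv("BOMBER_SNYK_REGION"))
	fmt.Println(base, err)
}
```
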