Open jasonjkeller opened 4 years ago
Works on my box:
$ npx snyk test --all-sub-projects
Testing /Users/jplumb/code/jfr-reporter...
Organization: jplumbnewrelic.com
Package manager: npm
Target file: package-lock.json
Project name: jfr-reporter
Open source: no
Project path: /Users/jplumb/code/jfr-reporter
Licenses: enabled
✓ Tested 390 dependencies for known issues, no vulnerable paths found.
Tip: Detected multiple supported manifests (1), use --all-projects to scan all of them at once.
Next steps:
- Run `snyk monitor` to be notified about new related vulnerabilities.
- Run `snyk test` as part of your CI/test.
[Wed Sep 30 10:37:53] {~/code/jfr-reporter}
$ echo $?
0
I'll look at adding the github action.
It's still failing. It also passes when run through the github actions tool I was able to reproduce with act
act
. So frustrating.
I spent some time on this and could NOT get it to work. The snyk CLI does not yet support java 14 so we might not be able to resolve this in the short term. I'm going to reprioritize it for now.
This project uses the Kotlin DSL for the
build.gradle.kts
which means that Snyk needs to configured via thesnyk
cli tool. However it isn't working due to the error described in the summary below.npm install -g snyk
snyk auth
snyk test --all-sub-projects
snyk monitor --org=java-agent
Summary
I can’t seem to add snyk to this repo because of the following error:
It’s a bit cryptic but I think the crucial part is this, where there appears to be an incompatible cyclic dependency due to the
jfr-mappers
library targeting Java 11: