add repo name to Snyk project name

rstudio / rsconnect-jupyter

Publish Jupyter notebooks to RStudio Connect

GNU General Public License v2.0

25 stars 6 forks source link

add repo name to Snyk project name #361

Closed mmarchetti closed 1 year ago

mmarchetti commented 1 year ago

Intent

The Snyk reports include projects named things like "requirements.txt" and "Pipfile" with no indication of which git repo they originate from.

Type of Change

[x] Bug Fix
[ ] New Feature
[ ] Breaking Change

Approach

Update project name in snyk.yml.

Automated Tests

No tests since this is a GHA configuration change.

Checklist

[ ] I have updated CHANGELOG.md to cover notable changes.
[ ] I have updated all related GitHub issues to reflect their current state.

Lytol commented 1 year ago

I don't think that you want to do it this way. Snyk uses the remote repo URL as the "Project Group" name (which is what you want), and then each type of scan within the repo should have a unique project name. In this instance, you are using the same project name for two different types of scans (the Python requirements and the Node packages)... which will cause unintended issues.