Open snykerjames opened 3 years ago
Ack. Snyk-filter predates all-projects option but we'll take a look.
Any movement on this?
I have the same issue: when using `--all-projects` with `snyk test` and feeding it to `snyk-filter`, it will produce invalid JSON. It would be nice if I could provide developers with `snyk-to-html` output to better show why their deployment was stopped, instead of the plain output during a pipeline run.
Hi @odlevakp. This repository is not actively maintained; we are working on critical bug fixes only. However, we can suggest you try something like this as a `.sh` script, but it would generate individual results instead of 1 HTML file:

```bash
#!/bin/bash
set -euo pipefail
exit_code=0
echo 'Running snyk test --all-projects --json | snyk-filter'
# Emit one base64-encoded JSON document per project (the CLI prints an array with --all-projects)
for test in $(snyk test --all-projects --json "$@" | jq -r 'if type == "array" then .[] else . end | @base64'); do
  project="$(echo "${test}" | base64 --decode | jq -r '.displayTargetFile')"
  project_exit_code=0
  # Filter each project on its own; slashes in the target path are replaced so the file name is valid
  echo "${test}" | base64 --decode | snyk-filter -f ./filter-high-vulns-upgradeable.yml --json | snyk-to-html -o "results-${project//\//_}.html" || project_exit_code=$?
  # Arithmetic addition; a plain += would concatenate the codes as strings
  exit_code=$((exit_code + project_exit_code))
done
exit $exit_code
```
Using: snyk@1.651.0 snyk-filter@1.1.0 snyk-to-html@2.0.1

When run with the `--all-projects` JSON input from the Snyk CLI, `snyk-filter` produces invalid JSON output, as illustrated in the following example with `snyk-to-html`:

Attached are the JSON outputs from the Snyk CLI and from snyk-filter, along with a copy of the filter that was used. supporting-docs.zip

It appears the difference between the two outputs is that the CLI output contains an array of snyk projects, but the `snyk-filter` output is a concatenation of these.
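
The difference described above, as an added example that is not part of this thread or of the snyk-filter code base: it splits back-to-back JSON documents and re-wraps them as one array of projects. The function names and the sample input are constructed for illustration, and it is an assumption that a downstream consumer expects the same array shape the CLI emits.

```python
import json
import sys


def split_concatenated_json(text):
    """Return every top-level JSON document found back to back in text."""
    decoder = json.JSONDecoder()
    docs, pos, end = [], 0, len(text)
    while pos < end:
        # raw_decode does not skip leading whitespace, so do it here
        while pos < end and text[pos].isspace():
            pos += 1
        if pos == end:
            break
        doc, pos = decoder.raw_decode(text, pos)
        docs.append(doc)
    return docs


def to_project_array(text):
    """Normalise the input to a single list of project results."""
    projects = []
    for doc in split_concatenated_json(text):
        # A document is either already an array of projects or one project object
        projects.extend(doc if isinstance(doc, list) else [doc])
    return projects


# Constructed sample: two project results written back to back.
# Taken as a whole this is not valid JSON, which is the failure reported here.
SAMPLE = (
    '{"displayTargetFile": "package.json", "vulnerabilities": []}\n'
    '{"displayTargetFile": "api/pom.xml", "vulnerabilities": [{"id": "EXAMPLE-1"}]}'
)

if __name__ == "__main__":
    # Read piped input when present, otherwise fall back to the constructed sample
    data = SAMPLE if sys.stdin.isatty() else sys.stdin.read()
    json.dump(to_project_array(data), sys.stdout, indent=2)
```
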