We wanted to use snyk-delta in a Bitbucket pipeline to detect whether a Pull Request introduces new vulnerabilities. Because there are many different destination branches ('team/xyz', 'release/123', etc.), we cannot simply use snyk test --json --print-dep | snyk-delta, since the delta baseline is different depending on the destination branch of the PR.
It would be really useful to be able to run a script along the lines of:
snyk test --json --print-dep > snyk.json
git checkout $BITBUCKET_PR_DESTINATION_BRANCH
snyk test --json --print-dep > snyk-baseline.json
snyk-delta --input snyk.json --baselineJson snyk-baseline.json
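The comparison the two files above would feed, as an added example that is not part of the original request or of the snyk-delta project: it reports issues present in the PR scan but absent from the destination-branch baseline. It assumes `snyk test --json` output carries a top-level `vulnerabilities` array whose entries have `id`, `packageName`, `version` and `severity`; the function names and sample data are hypothetical.

```python
import json
import sys


def load_issues(snyk_json_text):
    """Map (issue id, package, version) -> severity for one `snyk test --json` output."""
    data = json.loads(snyk_json_text)
    # A multi-project scan emits a JSON array of results, a single project one object.
    results = data if isinstance(data, list) else [data]
    issues = {}
    for result in results:
        for vuln in result.get("vulnerabilities", []):
            # The same issue is listed once per dependency path, so key on identity.
            key = (vuln["id"], vuln.get("packageName", ""), vuln.get("version", ""))
            issues[key] = vuln.get("severity", "unknown")
    return issues


def new_issues(pr_text, baseline_text):
    """Return sorted issues found in the PR scan that the baseline scan lacks."""
    baseline = load_issues(baseline_text)
    pr = load_issues(pr_text)
    return sorted((key, sev) for key, sev in pr.items() if key not in baseline)


# Constructed sample data standing in for snyk-baseline.json and snyk.json.
KNOWN = {"id": "SNYK-JS-EXAMPLE-0000001", "packageName": "examplepkg-a",
         "version": "1.0.0", "severity": "medium", "from": ["app", "examplepkg-a"]}
ADDED = {"id": "SNYK-JS-EXAMPLE-0000002", "packageName": "examplepkg-b",
         "version": "2.0.0", "severity": "high", "from": ["app", "examplepkg-b"]}
BASELINE = json.dumps({"vulnerabilities": [KNOWN]})
# The PR scan repeats the known issue via a second path and adds one new issue.
PR = json.dumps({"vulnerabilities": [KNOWN, dict(KNOWN, **{"from": ["app", "x"]}), ADDED]})

if __name__ == "__main__":
    found = new_issues(PR, BASELINE)
    for (vuln_id, package, version), severity in found:
        print(f"NEW {severity}: {vuln_id} in {package}@{version}")
    # A non-zero exit status fails the pipeline step when the PR adds issues.
    sys.exit(1 if found else 0)
```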