Feat: pass ignores to snyk iac test [cfg-2088] #3602

Merged: 1 commit, Aug 23, 2022

@ipapast ipapast commented Aug 17, 2022

What does this PR do?

This commit adds the policy file to the config file. We use the existing "policy" library to find and load the policy file.
We have decided that we can only have one .snyk file per repo, so even if we scan multiple paths, we will use the current working directory to load the .snyk file from the root of the project.

Where should the reviewer start?

How should this be manually tested?

  • Make sure you have a .snyk file in the project root, or create one.
  • Try with one path:
    snyk-dev iac test test/fixtures/iac/terraform/sg_open_ssh.tf --experimental
  • Then try with multiple paths and multiple .snyk files; it should only load the one from the project root:
    snyk-dev iac test test/fixtures/iac/terraform/sg_open_ssh.tf test/fixtures/iac/terraform/var_deref/nested_var_deref/variables.tf --experimental

Example output of the config file:

{
  "org": "my.org",
  "apiUrl": "https://api.snyk.io/v1",
  "apiAuth": "token basdasdasdasd23423423432",
  "allowAnalytics": true,
  "policy": "# Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities.\nversion: v1.25.0\n# ignores vulnerabilities until expiry date; change duration by modifying expiry date\nignore:\n  SNYK-JS-ANSIREGEX-1583908:\n    - '*':\n        reason: Not affecting Snyk CLI. No upgrade path currently available\n        expires: 2022-02-01T00:00:00.000Z\n        created: 2021-11-29T17:25:19.200Z\n  SNYK-CC-K8S-4:\n    - test/fixtures/kubernetes/pod-privileged.yaml:\n        reason: None Given\n        expires: 2022-09-16T16:45:04.439Z\n        created: 2022-08-17T16:45:04.445Z\npatch: {}\n"
}

After https://github.com/snyk/snyk-iac-test/pull/93 is merged, update the checksums in this PR to include the snyk-iac-test version.
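
Added example (not part of this PR or of Snyk's code): because the single root .snyk is embedded in the config as the "policy" string and applies to every scanned path, the JavaScript below audits that string for ignores that have expired, match every path, or carry no reason. The parser covers only the policy layout shown above; the names parseIgnores and auditIgnores, and treating "None Given" as a missing reason, are assumptions of this example.

```javascript
// Added example, not Snyk code. parseIgnores handles only the .snyk layout
// shown on this page (assumption); it is not the "policy" library.
function parseIgnores(policyText) {
  const entries = [];
  let inIgnore = false, ruleId = null, current = null;
  for (const raw of policyText.split('\n')) {
    const text = raw.trim();
    if (!text || text.startsWith('#')) continue;
    const indent = raw.length - raw.trimStart().length;
    if (indent === 0) inIgnore = text === 'ignore:';            // top-level key
    else if (!inIgnore) continue;
    else if (indent === 2) ruleId = text.replace(/:$/, '');     // rule id
    else if (text.startsWith('- ')) {                           // path the ignore covers
      current = { ruleId, path: text.slice(2).replace(/:$/, '').replace(/^'(.*)'$/, '$1') };
      entries.push(current);
    } else if (current) {                                       // allow-listed metadata only
      const [, key, value] = text.match(/^(reason|expires|created): (.*)$/) || [];
      if (key) current[key] = value;
    }
  }
  return entries;
}

// Flags ignores that are expired at `now`, apply to every path, or lack a reason.
function auditIgnores(configJson, now) {
  const { policy = '' } = JSON.parse(configJson);
  return parseIgnores(policy).map(({ ruleId, path, reason, expires }) => {
    const findings = [];
    const expiry = Date.parse(expires);
    if (Number.isNaN(expiry)) findings.push('no-expiry');
    else if (expiry <= now.getTime()) findings.push('expired');
    if (path === '*') findings.push('wildcard-path');
    if (!reason || reason === 'None Given') findings.push('no-reason');
    return { ruleId, path, findings };
  });
}

// Constructed sample mirroring the config output on this page (API token omitted).
const SAMPLE_CONFIG = JSON.stringify({ org: 'my.org', policy: [
  'ignore:',
  '  SNYK-JS-ANSIREGEX-1583908:',
  "    - '*':",
  '        reason: Not affecting Snyk CLI. No upgrade path currently available',
  '        expires: 2022-02-01T00:00:00.000Z',
  '  SNYK-CC-K8S-4:',
  '    - test/fixtures/kubernetes/pod-privileged.yaml:',
  '        reason: None Given',
  '        expires: 2022-09-16T16:45:04.439Z',
  'patch: {}',
].join('\n') });
```

Calling `auditIgnores(SAMPLE_CONFIG, new Date('2022-08-23T00:00:00Z'))` evaluates the sample as of the merge date; pass the current date when running it against a real config file.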

github-actions bot commented Aug 17, 2022

Warnings
⚠️

You've modified files in src/ directory, but haven't updated anything in test folder. Is there something that could be tested?

Generated by 🚫 dangerJS against 6d3ad76

@ipapast ipapast force-pushed the feat/pass-ignores-to-snyk-iac-test-CFG-2088 branch 2 times, most recently from b0d94ae to dc87e4f Compare August 19, 2022 16:33
@ipapast ipapast requested a review from YairZ101 August 19, 2022 16:35
@ipapast ipapast changed the title Feat/pass ignores to snyk iac test cfg 2088 Feat: pass ignores to snyk iac test [cfg-2088] Aug 19, 2022
@ipapast ipapast marked this pull request as ready for review August 19, 2022 16:36
@ipapast ipapast requested a review from a team as a code owner August 19, 2022 16:36

@YairZ101 YairZ101 left a comment

LGTM :)

@ipapast ipapast force-pushed the feat/pass-ignores-to-snyk-iac-test-CFG-2088 branch 2 times, most recently from 36b399f to b73ee00 Compare August 22, 2022 16:53
@ipapast ipapast force-pushed the feat/pass-ignores-to-snyk-iac-test-CFG-2088 branch from b73ee00 to 6d3ad76 Compare August 23, 2022 11:52
@ipapast ipapast merged commit 42d4720 into master Aug 23, 2022
@ipapast ipapast deleted the feat/pass-ignores-to-snyk-iac-test-CFG-2088 branch August 23, 2022 14:38