Merge pull request #100 from snyk-tech-services/develop

release changes

README.md

@@ -7,9 +7,10 @@ snyk-filter takes the JSON outputted from the [Snyk CLI](https://support.snyk.io
 
 [![Known Vulnerabilities](https://snyk.io//test/github/snyk-tech-services/snyk-filter/badge.svg?targetFile=package.json)](https://snyk.io//test/github/snyk-tech-services/snyk-filter?targetFile=package.json)
 [![CircleCI](https://circleci.com/gh/snyk-tech-services/snyk-filter.svg?style=svg)](https://circleci.com/gh/snyk-tech-services/snyk-filter)
-[![Not Maintained](https://img.shields.io/badge/Maintenance%20Level-Not%20Maintained-yellow.svg)](https://gist.github.com/cheerfulstoic/d107229326a01ff0f333a1d3476e068d)
+[![Inactively Maintained](https://img.shields.io/badge/Maintenance%20Level-Inactively%20Maintained-yellowgreen.svg)](https://gist.github.com/cheerfulstoic/d107229326a01ff0f333a1d3476e068d)
 
-**This repository is not in active developemnt and critical bug fixes only will be considered.**
+
+**This repository is in maintenance mode, no new features are being developed. Bug & security fixes will continue to be delivered. Open source contributions are welcome for small features & fixes (no breaking changes)**
 
 # How do I use it?
 

lib/snyk-filter.js

@@ -154,7 +154,7 @@ function pass(data, passString, passFailMsg) {
     jq.run(query, data, options)
       .then((output) => {
         if (output == 0) {
-          console.warn(
+          console.info(
             `${chalk.yellow(
               data.projectName || data.path
             )} - No issues found after custom filtering`

package.json

@@ -4,8 +4,8 @@
   "description": "Module to consume json output from Snyk CLI for advanced filtering and results display",
   "main": "index.js",
   "scripts": {
-    "test": "snyk test && mocha ./tests && npm run lint",
-    "snyk-protect": "snyk protect",
+    "test": "npx snyk test && mocha ./tests && npm run lint",
+    "snyk-protect": "snyk-protect",
     "prepare": "npm run snyk-protect",
     "lint": "prettier --check **/*.js",
     "format": "prettier --write **/*.js"
@@ -16,18 +16,21 @@
     "snyk-filter": "./index.js"
   },
   "dependencies": {
+    "@snyk/protect": "1.1022.0",
     "chalk": "^2.3.2",
-    "debug": "^4.3.4",
-    "is-relative": "^1.0.0",
-    "js-yaml": "^3.13.1",
-    "lodash": "^4.17.21",
-    "minimist": "^1.2.6",
-    "node-jq": "^1.12.0",
-    "snyk": "^1.946.0"
+    "debug": "4.3.4",
+    "is-relative": "1.0.0",
+    "js-yaml": "4.1.0",
+    "lodash": "4.17.21",
+    "minimist": "1.2.6",
+    "node-jq": "2.3.4"
   },
   "devDependencies": {
     "mocha": "^5.0.4",
     "prettier": "^2.2.1"
   },
+  "engines": {
+    "node": ">=10"
+  },
   "snyk": true
 }

sample-filters/example-more-than-n-vulns

@@ -0,0 +1,6 @@
+#This filter fails if there are: >2 high, upgradleable vulns OR >0 critical, upgradeable vulns
+version: 2
+customFilters:
+  filter: "if ([.vulnerabilities[] | select(.isUpgradable == true and .severity == \"high\")] | length > 2) or ([.vulnerabilities[] | select(.isUpgradable == true and .severity == \"critical\")] | length > 0) then .vulnerabilities |= map(if .isUpgradable == true and (.severity == \"high\" or .severity == \"critical\") then . else empty end) else .vulnerabilities |= map(empty) end"
+  pass: "if ([.vulnerabilities[] | select(.isUpgradable == true and .severity == \"high\")] | length > 2) or ([.vulnerabilities[] | select(.isUpgradable == true and .severity == \"critical\")] | length > 0) then 1 else 0 end"
+  msg: "High and critical severity & upgradeable vulns found. Please review upgrade steps"