diff --git a/README.md b/README.md
index e63a2dc..920eeb1 100644
--- a/README.md
+++ b/README.md
@@ -7,9 +7,10 @@ snyk-filter takes the JSON outputted from the [Snyk CLI](https://support.snyk.io
 [![Known Vulnerabilities](https://snyk.io//test/github/snyk-tech-services/snyk-filter/badge.svg?targetFile=package.json)](https://snyk.io//test/github/snyk-tech-services/snyk-filter?targetFile=package.json)
 [![CircleCI](https://circleci.com/gh/snyk-tech-services/snyk-filter.svg?style=svg)](https://circleci.com/gh/snyk-tech-services/snyk-filter)
-[![Not Maintained](https://img.shields.io/badge/Maintenance%20Level-Not%20Maintained-yellow.svg)](https://gist.github.com/cheerfulstoic/d107229326a01ff0f333a1d3476e068d)
+[![Inactively Maintained](https://img.shields.io/badge/Maintenance%20Level-Inactively%20Maintained-yellowgreen.svg)](https://gist.github.com/cheerfulstoic/d107229326a01ff0f333a1d3476e068d)
-**This repository is not in active developemnt and critical bug fixes only will be considered.**
+
+**This repository is in maintenance mode, no new features are being developed. Bug & security fixes will continue to be delivered. Open source contributions are welcome for small features & fixes (no breaking changes)**
 # How do I use it?
diff --git a/lib/snyk-filter.js b/lib/snyk-filter.js
index 09b1ff5..dfd313b 100644
--- a/lib/snyk-filter.js
+++ b/lib/snyk-filter.js
@@ -154,7 +154,7 @@ function pass(data, passString, passFailMsg) {
 jq.run(query, data, options)
 .then((output) => {
 if (output == 0) {
- console.warn(
+ console.info(
 `${chalk.yellow(
 data.projectName || data.path
 )} - No issues found after custom filtering`
diff --git a/package.json b/package.json
index da678ff..9992b4b 100644
--- a/package.json
+++ b/package.json
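Review bot: In `pass` in lib/snyk-filter.js, replacing `console.warn(` with `console.info(` moves the "No issues found after custom filtering" line from stderr to stdout under Node, not just to a lower log level. If anything downstream pipes or parses snyk-filter's stdout, this status line will now be mixed into that stream; the rest of `pass` and the tool's other output paths lie outside the hunk, so this needs checking against them. If only the severity was meant to change, keep the message on stderr, or record the intent next to the call with a comment such as `// status line goes to stdout on purpose; machine-readable output must not share this stream`.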
@@ -4,8 +4,8 @@
 "description": "Module to consume json output from Snyk CLI for advanced filtering and results display",
 "main": "index.js",
 "scripts": {
- "test": "snyk test && mocha ./tests && npm run lint",
- "snyk-protect": "snyk protect",
+ "test": "npx snyk test && mocha ./tests && npm run lint",
+ "snyk-protect": "snyk-protect",
 "prepare": "npm run snyk-protect",
 "lint": "prettier --check **/*.js",
 "format": "prettier --write **/*.js"
@@ -16,18 +16,21 @@
 "snyk-filter": "./index.js"
 },
 "dependencies": {
+ "@snyk/protect": "1.1022.0",
 "chalk": "^2.3.2",
- "debug": "^4.3.4",
- "is-relative": "^1.0.0",
- "js-yaml": "^3.13.1",
- "lodash": "^4.17.21",
- "minimist": "^1.2.6",
- "node-jq": "^1.12.0",
- "snyk": "^1.946.0"
+ "debug": "4.3.4",
+ "is-relative": "1.0.0",
+ "js-yaml": "4.1.0",
+ "lodash": "4.17.21",
+ "minimist": "1.2.6",
+ "node-jq": "2.3.4"
 },
 "devDependencies": {
 "mocha": "^5.0.4",
 "prettier": "^2.2.1"
 },
+ "engines": {
+ "node": ">=10"
+ },
 "snyk": true
 }
diff --git a/sample-filters/example-more-than-n-vulns b/sample-filters/example-more-than-n-vulns
new file mode 100644
index 0000000..694de4c
--- /dev/null
+++ b/sample-filters/example-more-than-n-vulns
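Review bot: The `test` script in the first package.json hunk now runs `npx snyk test`, while the second hunk removes `snyk` from `dependencies`, so npx will resolve and execute whichever `snyk` release the registry serves at run time. That leaves the one tool that gates the build unpinned, at odds with the exact pins this commit introduces for the other packages. Pin it in the script, e.g. `"test": "npx snyk@<pinned-version> test && mocha ./tests && npm run lint"`, or keep `snyk` as an exact-version entry in `devDependencies`.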
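Review bot: In the dependencies hunk, `js-yaml` moves from `^3.13.1` to `4.1.0` and `node-jq` from `^1.12.0` to `2.3.4`, both major-version jumps, yet no call site is touched by this commit. js-yaml 4 removed `safeLoad`/`safeDump` (they now throw) and made `load` use the safe schema by default, so any remaining `yaml.safeLoad(...)` in the filter loader would fail at run time; the loader is not visible here, so this needs checking, and if it is still on the 3.x API the replacement is `yaml.load(...)`. It is also worth confirming that the new `"node": ">=10"` floor matches what `node-jq` 2.x and `@snyk/protect` actually support, which cannot be determined from this diff.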
@@ -0,0 +1,6 @@
+#This filter fails if there are: >2 high, upgradleable vulns OR >0 critical, upgradeable vulns
+version: 2
+customFilters:
+ filter: "if ([.vulnerabilities[] | select(.isUpgradable == true and .severity == \"high\")] | length > 2) or ([.vulnerabilities[] | select(.isUpgradable == true and .severity == \"critical\")] | length > 0) then .vulnerabilities |= map(if .isUpgradable == true and (.severity == \"high\" or .severity == \"critical\") then . else empty end) else .vulnerabilities |= map(empty) end"
+ pass: "if ([.vulnerabilities[] | select(.isUpgradable == true and .severity == \"high\")] | length > 2) or ([.vulnerabilities[] | select(.isUpgradable == true and .severity == \"critical\")] | length > 0) then 1 else 0 end"
+ msg: "High and critical severity & upgradeable vulns found. Please review upgrade steps"
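Review bot: The header comment of the sample filter states only the fail condition and does not say that high or critical issues with `isUpgradable == false` are skipped by both `filter` and `pass`, so a passing run does not mean the project is free of critical findings. I would say so in the comment and fix the `upgradleable` typo, e.g. `# Fails on >2 high or >0 critical upgradeable vulns; non-upgradeable issues are not evaluated and never fail the build`. The two thresholds are repeated verbatim in `filter` and `pass`, so a one-line comment telling readers to change both together would help anyone copying this sample.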