From b8b6892bd8fa2c6f378bc4eb9728d981e9063274 Mon Sep 17 00:00:00 2001
From: Amit Rubinstein <96248586+amitsnyk@users.noreply.github.com>
Date: Wed, 16 Mar 2022 20:40:16 -0400
Subject: [PATCH 1/5] Create example-more-than-n-vulns
---
 sample-filters/example-more-than-n-vulns | 6 ++++++
 1 file changed, 6 insertions(+)
 create mode 100644 sample-filters/example-more-than-n-vulns
diff --git a/sample-filters/example-more-than-n-vulns b/sample-filters/example-more-than-n-vulns
new file mode 100644
index 0000000..694de4c
--- /dev/null
+++ b/sample-filters/example-more-than-n-vulns
@@ -0,0 +1,6 @@
+#This filter fails if there are: >2 high, upgradleable vulns OR >0 critical, upgradeable vulns
+version: 2
+customFilters:
+ filter: "if ([.vulnerabilities[] | select(.isUpgradable == true and .severity == \"high\")] | length > 2) or ([.vulnerabilities[] | select(.isUpgradable == true and .severity == \"critical\")] | length > 0) then .vulnerabilities |= map(if .isUpgradable == true and (.severity == \"high\" or .severity == \"critical\") then . else empty end) else .vulnerabilities |= map(empty) end"
+ pass: "if ([.vulnerabilities[] | select(.isUpgradable == true and .severity == \"high\")] | length > 2) or ([.vulnerabilities[] | select(.isUpgradable == true and .severity == \"critical\")] | length > 0) then 1 else 0 end"
+ msg: "High and critical severity & upgradeable vulns found. Please review upgrade steps"
From 55fccefea2d7fb04be81e26455f91022ea364975 Mon Sep 17 00:00:00 2001
From: Lili Kastilio
Date: Wed, 5 Oct 2022 22:52:56 +0100
Subject: [PATCH 2/5] docs: inactively maintained
---
 README.md | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/README.md b/README.md
index e63a2dc..920eeb1 100644
--- a/README.md
+++ b/README.md
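Review bot: In `sample-filters/example-more-than-n-vulns`, the header comment does not say that `filter` and `pass` each carry their own copy of the threshold test (`length > 2` for high, `length > 0` for critical), so anyone tuning the numbers has to edit both strings or the reported list and the pass/fail result will disagree. The comment should also state what this gate does not count when it is used in CI: entries with `.isUpgradable == false` are never considered, and when the thresholds are not exceeded the else branch runs `.vulnerabilities |= map(empty)`, so one or two high upgradeable findings are dropped from the output entirely. Suggested first line: `# Fails on >2 high OR >0 critical upgradeable vulns; vulns without an upgrade path are not counted. Keep the thresholds in filter and pass identical.` That wording also removes the "upgradleable" typo.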
@@ -7,9 +7,10 @@ snyk-filter takes the JSON outputted from the [Snyk CLI](https://support.snyk.io [![Known Vulnerabilities](https://snyk.io//test/github/snyk-tech-services/snyk-filter/badge.svg?targetFile=package.json)](https://snyk.io//test/github/snyk-tech-services/snyk-filter?targetFile=package.json) [![CircleCI](https://circleci.com/gh/snyk-tech-services/snyk-filter.svg?style=svg)](https://circleci.com/gh/snyk-tech-services/snyk-filter) -[![Not Maintained](https://img.shields.io/badge/Maintenance%20Level-Not%20Maintained-yellow.svg)](https://gist.github.com/cheerfulstoic/d107229326a01ff0f333a1d3476e068d) +[![Inactively Maintained](https://img.shields.io/badge/Maintenance%20Level-Inactively%20Maintained-yellowgreen.svg)](https://gist.github.com/cheerfulstoic/d107229326a01ff0f333a1d3476e068d) -**This repository is not in active developemnt and critical bug fixes only will be considered.** + +**This repository is in maintenance mode, no new features are being developed. Bug & security fixes will continue to be delivered. Open source contributions are welcome for small features & fixes (no breaking changes)** # How do I use it? From 1c6b5ce58ec185f109d1d828a07bf1c0b77a5a2a Mon Sep 17 00:00:00 2001 From: ghe Date: Wed, 5 Oct 2022 23:03:43 +0100 Subject: [PATCH 3/5] fix: update deps --- package.json | 15 ++++++++------- 1 file changed, 8 insertions(+), 7 deletions(-) diff --git a/package.json b/package.json index da678ff..3b31ba4 100644 --- a/package.json +++ b/package.json @@ -16,13 +16,14 @@ "snyk-filter": "./index.js" }, "dependencies": { - "chalk": "^2.3.2", - "debug": "^4.3.4", - "is-relative": "^1.0.0", - "js-yaml": "^3.13.1", - "lodash": "^4.17.21", - "minimist": "^1.2.6", - "node-jq": "^1.12.0", + "@snyk/protect": "1.1022.0", + "chalk": "5.1.0", + "debug": "4.3.4", + "is-relative": "1.0.0", + "js-yaml": "4.1.0", + "lodash": "4.17.21", + "minimist": "1.2.6", + "node-jq": "2.3.4", "snyk": "^1.946.0" }, "devDependencies": { 
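Review bot: In the `dependencies` hunk of `package.json` (patch 3/5), `"js-yaml"` moves from `^3.13.1` to `4.1.0` and `"node-jq"` from `^1.12.0` to `2.3.4`, both major-version jumps, while the commit touches no source file. js-yaml 4 removed `safeLoad`/`safeDump` (calling them throws) and made `load` safe by default, so any `yaml.safeLoad(...)` call in the filter-loading code would start failing at runtime. The call sites are not visible in this diff, so please confirm they use `yaml.load` and that the `jq.run(...)` usage still matches the node-jq 2.x API before merging.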
From 559538843a974948fbad71ac4be9fe6bfb88fe08 Mon Sep 17 00:00:00 2001
From: ghe
Date: Thu, 6 Oct 2022 09:58:08 +0100
Subject: [PATCH 4/5] feat: min Node 10 as @snyk/protect is Node 10+
---
 package.json | 12 +++++++-----
 1 file changed, 7 insertions(+), 5 deletions(-)
diff --git a/package.json b/package.json
index 3b31ba4..9992b4b 100644
--- a/package.json
+++ b/package.json
@@ -4,8 +4,8 @@
 "description": "Module to consume json output from Snyk CLI for advanced filtering and results display",
 "main": "index.js",
 "scripts": {
- "test": "snyk test && mocha ./tests && npm run lint",
- "snyk-protect": "snyk protect",
+ "test": "npx snyk test && mocha ./tests && npm run lint",
+ "snyk-protect": "snyk-protect",
 "prepare": "npm run snyk-protect",
 "lint": "prettier --check **/*.js",
 "format": "prettier --write **/*.js"
@@ -17,18 +17,20 @@
 },
 "dependencies": {
 "@snyk/protect": "1.1022.0",
- "chalk": "5.1.0",
+ "chalk": "^2.3.2",
 "debug": "4.3.4",
 "is-relative": "1.0.0",
 "js-yaml": "4.1.0",
 "lodash": "4.17.21",
 "minimist": "1.2.6",
- "node-jq": "2.3.4",
- "snyk": "^1.946.0"
+ "node-jq": "2.3.4"
 },
 "devDependencies": {
 "mocha": "^5.0.4",
 "prettier": "^2.2.1"
 },
+ "engines": {
+ "node": ">=10"
+ },
 "snyk": true
 }
From 350b8171e45b1e41fe706ab5378c4618ef7e8786 Mon Sep 17 00:00:00 2001
From: Antoine Arlaud
Date: Fri, 25 Nov 2022 13:18:41 +0100
Subject: [PATCH 5/5] fix: switch no issues to output to info to not fail CI scripts
---
 lib/snyk-filter.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lib/snyk-filter.js b/lib/snyk-filter.js
index 09b1ff5..dfd313b 100644
--- a/lib/snyk-filter.js
+++ b/lib/snyk-filter.js
@@ -154,7 +154,7 @@ function pass(data, passString, passFailMsg) {
 jq.run(query, data, options)
 .then((output) => {
 if (output == 0) {
- console.warn(
+ console.info(
 `${chalk.yellow(
 data.projectName || data.path
 )} - No issues found after custom filtering`
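Review bot: In the `scripts` hunk of `package.json` (patch 4/5), `"test": "npx snyk test && ..."` resolves the CLI through npx while the second hunk of the same commit removes `"snyk"` from `dependencies`, so each test run fetches and executes whichever `snyk` version the registry serves at that moment. That is an unpinned download-and-run step in CI. Either keep the CLI as an exactly pinned `devDependencies` entry or pin it in the script, for example `"test": "npx snyk@<pinned-version> test && mocha ./tests && npm run lint"`. The second hunk also returns `"chalk"` to the caret range `^2.3.2` while its neighbours stay exactly pinned; if that is deliberate, the commit message should say why.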
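Review bot: In `pass()` in `lib/snyk-filter.js` (patch 5/5), swapping `console.warn(` for `console.info(` moves the "No issues found after custom filtering" line from stderr to stdout, because Node writes `console.info` to stdout. Anything that pipes or parses this tool's stdout will now see that line in the stream; `pass()` begins and ends outside the hunk, so it is not visible here what else is printed to stdout. A short comment above the call, such as `// info, not warn: output on stderr makes some CI scripts fail the step`, would record why this level was chosen and stop it from being changed back.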