
Install snyk cli for local vulnerability testing

Open basmasking opened this issue 1 year ago • 13 comments

Snyk is enabled in the CI pipeline. To make it easier for ourselves to execute the scans locally, we should add the cli tool from snyk.

basmasking avatar Jan 04 '24 05:01 basmasking

I can look at this.

tony-nyagah avatar Jan 05 '24 08:01 tony-nyagah

Hello @tony-nyagah,

You're more than welcome to pick up this issue :)

If you have any questions, don't hesitate to ask them. You can reach out to us here, or on our discord channel.

Thank you

basmasking avatar Jan 05 '24 08:01 basmasking

I want to look at this issue.

OriloyeEmerald avatar Jan 05 '24 11:01 OriloyeEmerald

Hi @OriloyeEmerald,

Thanks for your interest in picking up this issue. Just a couple of hours ago @tony-nyagah also showed interest in this ticket. Maybe you can work together on this issue?

If you have any questions, don't hesitate to ask them. You can reach out to us here, or on our discord channel.

basmasking avatar Jan 05 '24 12:01 basmasking

@BasMasking When I try to run npm install I get this error: ERR_PNPM_FETCH_404 GET https://registry.npmjs.org/eslint-plugin-jitar: Not Found - 404.

tony-nyagah avatar Jan 06 '24 14:01 tony-nyagah

@tony-nyagah the package eslint-plugin-jitar is not published on npm, but should be in the tools folder in the root of jitar. It's also defined in the package.json as a workspace, thus npm should be able to resolve the package.

From the error message it seems you're using pnpm, is that correct?

basmasking avatar Jan 06 '24 16:01 basmasking

> From the error message it seems you're using pnpm, is that correct?

I tried with npm but was getting some errors. I think my internet was acting up. npm install works now.

tony-nyagah avatar Jan 07 '24 12:01 tony-nyagah

@tony-nyagah do you need any help with the issue?

basmasking avatar Jan 21 '24 12:01 basmasking

I'm sorry about my unavailability, I had issues with my computer. I have installed the snyk tool and configured it for local vulnerability testing. What is the next step please?

OriloyeEmerald avatar Jan 22 '24 23:01 OriloyeEmerald

> @tony-nyagah do you need any help with the issue?

@OriloyeEmerald seems to have resolved the issue so I'm going to leave this issue with him.

tony-nyagah avatar Jan 23 '24 06:01 tony-nyagah

@tony-nyagah, that's great then. Are you on discord so I can connect with you?

OriloyeEmerald avatar Jan 24 '24 01:01 OriloyeEmerald

@OriloyeEmerald the description in this issue has been a bit sparse. After the CLI is installed locally (added as a devDependency in the package.json), it should be possible to run the cli with a snyk account and use environment variables to set the tokens and account details into the cli configuration.

Ideally, we have another script in the package.json to run the cli and get the vulnerabilities from the snyk api by typing npm run snyk-test in the terminal.

petermasking avatar Jan 24 '24 08:01 petermasking
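
One way to implement the `snyk-test` script described in the comment above, as an added example that is not part of the thread or of jitar's code base. It assumes `snyk` is installed as a devDependency; the file path `tools/snyk-test.js` and the `SNYK_ORG` variable are names chosen for this example, while `SNYK_TOKEN`, `--org` and the exit codes are the Snyk CLI's own.

```javascript
// tools/snyk-test.js (hypothetical path), wired up in package.json as:
//   "scripts": { "snyk-test": "node tools/snyk-test.js run" }
// with snyk listed under devDependencies.

// Exit codes documented for `snyk test`.
const EXIT_MEANING = {
  0: "no vulnerabilities found",
  1: "vulnerabilities found",
  2: "the scan itself failed (rerun with -d for debug output)",
  3: "no supported projects detected",
};

// Build the CLI arguments from the environment. The token is never put on
// the command line, where it would show up in process listings and shell
// history; the Snyk CLI reads SNYK_TOKEN from the environment by itself.
function buildArgs(env) {
  if (!env.SNYK_TOKEN || env.SNYK_TOKEN.trim() === "") {
    throw new Error("SNYK_TOKEN is not set; export it before running the scan");
  }
  const args = ["test"];
  // SNYK_ORG is a variable name chosen for this example, not a Snyk setting.
  if (env.SNYK_ORG) args.push(`--org=${env.SNYK_ORG}`);
  return args;
}

// Separate "findings" (1) from "scan did not run" (2, 3) for the developer.
function describeExit(code) {
  return EXIT_MEANING[code] ?? `unexpected exit code ${code}`;
}

async function run(env = process.env) {
  const { spawnSync } = await import("node:child_process");
  // npm puts node_modules/.bin on PATH for scripts, so "snyk" resolves to
  // the locally installed devDependency. No shell is involved.
  const result = spawnSync("snyk", buildArgs(env), { stdio: "inherit", env });
  const code = result.status ?? 2; // null status: the CLI could not be started
  console.error(`snyk-test: ${describeExit(code)}`);
  return code;
}

// Only scan when invoked as `node tools/snyk-test.js run`.
if (process.argv[2] === "run") {
  run().then((code) => process.exit(code), (err) => {
    console.error(`snyk-test: ${err.message}`);
    process.exit(2);
  });
}
```

With the token exported in the shell (for example from `snyk auth` output or a secrets manager), `npm run snyk-test` exits non-zero both when vulnerabilities are found and when the scan could not run, and the last line of output says which.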

> @tony-nyagah, that's great then. Are you on discord so I can connect with you?

I am on Discord. I go by osteerich on there.

tony-nyagah avatar Jan 24 '24 08:01 tony-nyagah