Document snyk usage

Open anselmbradford opened this issue 6 years ago • 4 comments

Current behavior

  • snyk dependency is used for running npm run test, however, this requires an authenticated snyk account. (snyk test requires an authenticated account. Please run snyk auth and try again.). There is documentation on why snyk is in the project or how it should be set up.

Expected behavior

  • When/why/how to use npm run test is documented in the project testing docs.

anselmbradford, Nov 09 '17 15:11

@ascott1 Since we're trialling snyk.io accounts, is having a command in the project necessary?

anselmbradford, Apr 18 '18 20:04

> Since we're trialling snyk.io accounts, is having a command in the project necessary?

I'd lean towards no, assuming we have a process for monitoring/resolving snyk alerts.

ascott1, Apr 20 '18 18:04

Is this still an issue you want help on? Wasn't sure based on the conversation above. Thanks!

saracope, Apr 18 '19 13:04

Hi @saracope,

We could use a section in above https://cfpb.github.io/consumerfinance.gov/other-front-end-testing/#performance-testing for "Security testing" that lists running yarn test (formerly npm test) to run the snyk tests. We also have https://github.com/cfpb/cfgov-refresh/issues/2303, but looks like I ran into issues there.

anselmbradford, Apr 18 '19 14:04