
provide binaries for snyk-filter

Open • scott-es opened this issue 3 years ago • 1 comment

Package the snyk-filter executable into the release assets section, as is being done with other tools.

scott-es avatar Aug 26 '21 03:08 scott-es

Hey Scotte,

Also, please think about including this in the basic snyk images. The biggest use case is probably to use it in CI pipelines, and there the required npm install becomes a problem, for example when deprecated dependencies are somehow an issue, or when globally installing npm packages on build agents.

Edit: thinking about that, it would be super nice if the Azure DevOps extension would include installing snyk-filter.

Why I have an interest in this: the problem with the "snyk test" threshold is that it also filters out findings below that threshold. At least, that was the case last time I checked with the Azure DevOps extension.

I just implemented it as an Azure DevOps Pipeline Template, completely without JavaScript:

parameters:
- name: snyk_filter_config
  type: string
  default: '.snyk-filter/snyk.yml'
- name: snyk_report_json
  type: string
  default: '$(Agent.TempDirectory)/vuln-$(Build.BuildId).json'

steps:
- task: PythonScript@0
  displayName: "👹 Vulnerability build breaker"
  inputs:
    scriptSource: 'inline'
    script: |
        import subprocess
        import sys
        import yaml

        # Load the snyk-filter config; only the customFilters section is used here.
        with open('${{ parameters.snyk_filter_config }}') as file:
            filter_config = yaml.safe_load(file)

        custom_filters = filter_config["customFilters"]

        # The filter expression and the pass check are combined into one jq program
        # that must evaluate to a single number (the count of blocking findings).
        jq_program = "%s | %s" % (custom_filters["filter"], custom_filters["pass"])
        print("##[info]", "Compiled jq program is:", jq_program)

        # Invoke jq directly instead of through a shell pipeline, so quoting in the
        # configured expression cannot break (or alter) the command line.
        result = subprocess.run(
            ["jq", jq_program, '${{ parameters.snyk_report_json }}'],
            capture_output=True, text=True)
        if result.returncode != 0:
            print("##vso[task.logissue type=error]", "jq failed:", result.stderr.strip())
            sys.exit(1)

        count_filtered = int(result.stdout.strip())
        if count_filtered > 0:
            print("##vso[task.logissue type=error]", custom_filters["msg"])
            print("##vso[task.complete result=Failed;]", custom_filters["msg"])
    failOnStderr: true

cpolzer avatar Nov 25 '22 07:11 cpolzer
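The difference the comment above draws between the `snyk test` severity threshold (findings below it vanish from the log) and a filter-based build breaker (everything is logged, only the selected subset fails the build), as an added example that is not code from this issue or from snyk-filter. The report is a constructed sample approximating the shape of `snyk test --json` output, the configured jq `filter`/`pass` pair is replaced by a hypothetical Python predicate, and the Azure logging commands are returned instead of printed so they can be checked.

```python
import json

# Constructed sample approximating the shape of `snyk test --json` output
# (not real findings or Snyk ids).
SAMPLE_REPORT = json.dumps({"vulnerabilities": [
    {"id": "EXAMPLE-1", "severity": "high", "packageName": "pkg-a", "isUpgradable": True},
    {"id": "EXAMPLE-2", "severity": "high", "packageName": "pkg-b", "isUpgradable": False},
    {"id": "EXAMPLE-3", "severity": "low", "packageName": "pkg-c", "isUpgradable": True},
]})

SEVERITY_RANK = {"low": 0, "medium": 1, "high": 2, "critical": 3}


def threshold_view(report_json, threshold):
    """What a severity threshold leaves you with: findings below it are dropped
    entirely, so they never show up in the pipeline log."""
    return [v for v in json.loads(report_json)["vulnerabilities"]
            if SEVERITY_RANK[v["severity"]] >= SEVERITY_RANK[threshold]]


def filtered_build_break(report_json, min_severity, upgradable_only, msg):
    """Filter-based build breaker: every finding is logged (warning or error),
    but only the subset matching the filter fails the build.
    Returns (number_of_blocking_findings, azure_log_lines)."""
    log, blocking = [], 0
    for v in json.loads(report_json)["vulnerabilities"]:
        # Hypothetical predicate standing in for the configured jq `filter`.
        blocks = (SEVERITY_RANK[v["severity"]] >= SEVERITY_RANK[min_severity]
                  and (v["isUpgradable"] or not upgradable_only))
        kind = "error" if blocks else "warning"
        log.append("##vso[task.logissue type=%s]%s (%s) in %s"
                   % (kind, v["id"], v["severity"], v["packageName"]))
        blocking += int(blocks)
    if blocking:  # equivalent of the template's `pass` check yielding > 0
        log.append("##vso[task.complete result=Failed;]" + msg)
    return blocking, log


if __name__ == "__main__":
    count, lines = filtered_build_break(SAMPLE_REPORT, "high", True, "Fix upgradable high findings")
    print("\n".join(lines))
    print("blocking findings:", count)
```

With the sample report, the threshold view at `high` silently drops the low finding, while the filter-based breaker logs all three and fails the build on the one upgradable high.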