
[🙏 ] The following option combination is not currently supported: monitor + json-file-output

Open JPLachance opened this issue 2 years ago • 2 comments

  • node -v: v14.17.0
  • npm -v: 6.14.13
  • snyk -v: 1.741.0
  • OS: OSX
  • Command run: snyk monitor --json --severity-threshold=high --file=src/project/requirements.txt --org=my-org --project-name=my-project --json-file-output=snyk-result.json

Expected behaviour

I need the ability to monitor a project and get results in a JSON file using a single Snyk command.

Ideally, when running Snyk with both monitor + json-file-output, Snyk would give me two JSON files:

  • One with the monitor --json response
  • Another one with the actual scan results.

Actual behaviour

Today, I need to:

snyk test --json --severity-threshold=high --file=src/project/requirements.txt --org=my-org --project-name=my-project --json-file-output=snyk-result.json
snyk monitor --json --severity-threshold=high --file=src/project/requirements.txt --org=my-org --project-name=my-project > snyk-monitor-result.json

in order to both get results and monitor a project. It's a bit ugly and not efficient.

Steps to reproduce

Simply run snyk using both monitor + json-file-output arguments.

JPLachance, Oct 26 '21 23:10

Hello,

Since I feel my request was not clear, today, I use: snyk monitor --json --severity-threshold=high --file=src/project/requirements.txt --org=my-org --project-name=my-project > snyk-monitor-result.json

As we can see, --json outputs JSON, then I pipe it to an actual JSON file.

https://github.com/snyk/snyk/blob/master/src/cli/commands/monitor/index.ts#L271

Instead of doing a pipe, I would like to use --json-file-output, like we do for the test command.

Why?

  • I use the Snyk Jenkins plugin and that plugin simply uses the CLI. When a command line argument is not supported by the CLI, it cannot be supported by the Jenkins plugin.

So, my issue is purely one of "inconsistency between Snyk CLI commands". The test command implements --json-file-output, it would be nice to support the exact same thing with the monitor command.

Expected behavior: same as the pipe 😄

I simply need the output of the monitor command in a JSON file, so code can parse it, make sure it worked, send some links in Slack. Basically, when Snyk finds a vulnerability, we grab that link, send a Slack notification to the code owners, give them the link to the monitored project so they can act.

I hope this clarifies my request. From my reading of the https://github.com/snyk/snyk/blob/master/src/cli/commands/monitor/process-json-monitor.ts function, it's an easy change. Adding an argument to that function and writing to both a file and STDOUT could be the way to go.

I hope this helps!

JPLachance, Mar 03 '22 00:03
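
The parsing step described in the comment above (read the monitor JSON file, make sure it worked, collect the project link for Slack), as an added example that is not part of the original thread or of Snyk's code. The field names `ok`, `uri`, `path` and `error`, the single-object-or-array shape, and the sample data are assumptions constructed for illustration.

```python
import json

# Constructed samples of a file produced by `snyk monitor --json > file`.
# Field names ("ok", "uri", "path", "error") are assumptions, not from the page.
SAMPLE_SINGLE = json.dumps({
    "ok": True, "path": "src/project",
    "uri": "https://app.snyk.example/org/my-org/project/CONSTRUCTED-ID",
})
SAMPLE_MULTI = json.dumps([
    json.loads(SAMPLE_SINGLE),
    {"ok": False, "path": "src/other", "error": "Authentication failed"},
])


def parse_monitor_output(text):
    """Return (links, failures) from the text of a monitor JSON file."""
    try:
        data = json.loads(text)
    except json.JSONDecodeError as exc:
        # An empty or truncated file: the redirect captured nothing usable.
        return [], [f"unparseable monitor output: {exc.msg}"]
    # Assumption: one project yields an object, several yield an array.
    entries = data if isinstance(data, list) else [data]
    links, failures = [], []
    for entry in entries:
        if not isinstance(entry, dict):
            failures.append(f"unexpected entry: {entry!r}")
            continue
        uri = entry.get("uri")
        # Only forward a link when the run succeeded and the link is HTTPS.
        if entry.get("ok") is True and isinstance(uri, str) and uri.startswith("https://"):
            links.append(uri)
        else:
            reason = entry.get("error", "no project link returned")
            failures.append(f"{entry.get('path', '?')}: {reason}")
    return links, failures


def slack_payload(project, links, failures):
    """Build the body of a Slack incoming-webhook message (plain 'text')."""
    lines = [f"Snyk monitor for {project}:"]
    lines += [f"- monitored: {u}" for u in links]
    lines += [f"- FAILED: {f}" for f in failures]
    return {"text": "\n".join(lines)}


if __name__ == "__main__":
    for sample in (SAMPLE_SINGLE, SAMPLE_MULTI, ""):
        print(json.dumps(slack_payload("my-project", *parse_monitor_output(sample))))
```

Treating an empty or unparseable file as a failure keeps a CI job from reporting success when the redirect captured nothing.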

Hello,

I stumbled upon the same problem, but when running snyk via the snyk/actions/node GitHub Action. Therefore I cannot use @JPLachance's pipe workaround. I guess I will need to revert to installing the snyk-cli myself and running the snyk monitor command manually in the meantime 😞

gdostie, Jul 27 '22 16:07