
Snyk badge can't be loaded

Open ZoranPandovski opened this issue 5 years ago • 35 comments

Expected behavior

I am using Snyk in most of my open source repositories. The only problem so far is the loading of the badge. Most of the time alt is displayed.

Actual behavior

Display Snyk badge image with known vulnerabilities.

Example

screenshot from 2019-01-28 00-09-47

ZoranPandovski avatar Jan 27 '19 23:01 ZoranPandovski

Sometimes it would take our service a few seconds to respond with the badge (depending on the complexity of the project being scanned). GitHub have a very short timeout on badges, and will not wait for a response for longer than 1-2s I believe. However, GitHub would also cache badges, so once we come through, the badge should persist.

If you can provide the name(s) of relevant repo(s), we'll be happy to take a look and see what the issue is.

adrukh avatar Jan 28 '19 07:01 adrukh

Hi @adrukh, thanks for the answer. Most of the badges from other tools are loaded, only Snyk is slow. The same problem is in all of my repositories, so I will share a few examples: https://github.com/ZoranPandovski/BookingScraper https://github.com/ZoranPandovski/pycoincap https://github.com/ZoranPandovski/ProdirectScraper https://github.com/ZoranPandovski/mindsdb

ZoranPandovski avatar Jan 28 '19 09:01 ZoranPandovski

Thanks, I see these are all Python projects. All the badges loaded for me right now.

We'll take a look at our performance for Python project scanning and see if we can improve it for this specific flow. I cannot offer any precise timeline right now.

adrukh avatar Jan 28 '19 09:01 adrukh

Yes, most of them are Python projects. Thanks @adrukh

ZoranPandovski avatar Jan 28 '19 10:01 ZoranPandovski

I have the same issue on a private repository with Ruby. I have tried with and without specifying a target file.

ProgrammingSam avatar Feb 02 '19 16:02 ProgrammingSam

@ProgrammingSam badges for private repos are not yet supported. Rendering the badge requires anonymous access to the repo, so only public repos are supported for now.

We have this feature request written down on our side, but I cannot comment on a specific timeline for it just yet.

adrukh avatar Feb 02 '19 17:02 adrukh

Thank you @adrukh, I missed the information.

ProgrammingSam avatar Feb 02 '19 17:02 ProgrammingSam

thanks for the info @adrukh. other projects seem to work around the anonymous access problem by issuing project-specific badges (have a token in the url for the badge that identifies the project). this also allows you to quickly check against last build status to render the badge instead of running a complete check.

yunake avatar Feb 13 '19 18:02 yunake
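
An added sketch of the token-in-URL badge design described in the comment above (not Snyk's code and not posted by anyone in this thread): the badge is rendered from the stored result of the last finished scan, so the endpoint can answer inside a short image-proxy timeout, and the token grants nothing except that one project's badge. All project names, function names and sample data are hypothetical.

```python
import hashlib
import secrets

# Constructed sample state (not Snyk data): result of each project's last finished scan.
LAST_SCAN = {"acme/private-api": 3, "acme/clean-lib": 0}
# Only SHA-256 digests of badge tokens are stored, so a leaked table yields no usable URLs.
TOKEN_INDEX = {}


def _digest(token):
    return hashlib.sha256(token.encode()).hexdigest()


def issue_badge_token(project):
    """Mint an unguessable token that is valid only for this project's badge."""
    token = secrets.token_urlsafe(32)
    TOKEN_INDEX[_digest(token)] = project
    return token


def revoke_badge_token(token):
    """Invalidate a badge URL, e.g. after it was pasted somewhere it should not be."""
    TOKEN_INDEX.pop(_digest(token), None)


def _svg(message, color):
    return ('<svg xmlns="http://www.w3.org/2000/svg" width="170" height="20">'
            f'<rect width="170" height="20" fill="{color}"/>'
            f'<text x="6" y="14" fill="#fff" font-size="11">'
            f'vulnerabilities: {message}</text></svg>')


def render_badge(token):
    """Return (status, svg) from stored state only; a scan is never started here."""
    project = TOKEN_INDEX.get(_digest(token))
    if project is None:
        # Same answer for unknown and revoked tokens: no hint about which projects exist.
        return 404, _svg("unknown", "#9f9f9f")
    count = LAST_SCAN.get(project)
    if count is None:
        # Project exists but has no finished scan yet: answer immediately anyway.
        return 200, _svg("unknown", "#9f9f9f")
    return 200, _svg(str(count), "#e05d44" if count else "#4c1")


if __name__ == "__main__":
    url_token = issue_badge_token("acme/private-api")
    print(render_badge(url_token)[1])
```

Because the token ends up in a README and in proxy logs, it should be treated as a low-privilege, revocable identifier and never reused as an API credential.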

@yunake indeed, that's the direction we'll take once we decide to implement this. Thanks!

adrukh avatar Feb 14 '19 10:02 adrukh

Hi @adrukh, I am facing the same issue for my Python projects; they are small projects with few dependencies, I believe. Can you have a look? It takes 2-3 mins to load a badge and I need to refresh to get the badge correct.

https://github.com/network-tools/shconfparser https://github.com/network-tools/pingping

kirankotari avatar Mar 12 '19 19:03 kirankotari

I just checked the @kirankotari repos and it's still the same issue: Screenshot from 2019-01-28 00-09-47

ZoranPandovski avatar Mar 12 '19 19:03 ZoranPandovski

This is an issue for Java projects as well. On this though...

"We'll take a look at our performance for Python project scanning and see if we can improve it for this specific flow"

Is this related? Surely it's not doing a scan before returning the badge? The badge isn't cached from the last time that snyk checked a project?

ksclarke avatar Apr 08 '19 03:04 ksclarke

Please can you look into mine, too?

https://github.com/nickpts/Ventura

Thanks,

nickpts avatar Jun 25 '19 19:06 nickpts

👋 Is this still an issue for anyone?

lili2311 avatar Oct 11 '19 11:10 lili2311

It's better now for me. Badges are loading.

ksclarke avatar Oct 13 '19 00:10 ksclarke

Same issue here; after reloading the page the Snyk badge appears: https://github.com/edumco/django-realworld-example-app

edumco avatar Nov 20 '19 15:11 edumco

This has also been a problem for my project

https://GitHub.com/seisollc/easy_sast

JonZeolla avatar Jan 03 '20 00:01 JonZeolla

I should update that it didn't totally fix it for me. They do seem to load more than they did before but it's not unusual for the Snyk badge to be the one out of the many on my repos that isn't/hasn't loaded.

ksclarke avatar Jan 06 '20 16:01 ksclarke

Experiencing the same thing sometimes.

Also, it may be a different issue, but badges are wrong too.

Showing this badge: https://snyk.io/test/github/UnlyEd/conditions-matcher/badge.svg Will display as this: Known Vulnerabilities

But there actually are vulnerabilities for this project: image

But the "public" page doesn't show them: https://snyk.io/test/github/UnlyEd/conditions-matcher?targetFile=package.json

I don't quite understand how it works; it seems broken, or vulnerabilities are hidden for non-project maintainers (but in such a case, showing badges is useless)

Vadorequest avatar Jan 31 '20 13:01 Vadorequest

The same thing happens in my repo. The request that's responsible for downloading this badge times out with 504. It happens randomly after refreshing the page. When I open the badge URL directly in my browser (https://snyk.io/test/github/TKasperczyk/mern-app-template-frontend/badge.svg), it eventually loads after some time (30-60s). I think it's related to some kind of a caching mechanism that you guys use. Refreshing the page multiple times with ctrl+f5 greatly reduces the wait time of subsequent refreshes. When I try to do it again after some time, the problem comes back.

Screenshot from 2020-02-12 16-17-30

TKasperczyk avatar Feb 12 '20 15:02 TKasperczyk

I also ran into the same issue. After a few refreshes, the badge finally shows up but it is not consistent. I noticed a gateway timeout (504) in my console that was loading the badge from the githubusercontent.com, which seems to be the case described in https://github.com/snyk/snyk/issues/347#issuecomment-458018160:

.. GitHub would also cache badges, so once we come through, the badge should persist.

Screen Shot 2020-04-27 at 2 58 05 PM

@adrukh: How is the investigation going on Snyk's side? I would love to show the vulnerability badge in my repos but it being flaky made me remove the badges from some of my projects before it is improved.

FYJen avatar May 01 '20 01:05 FYJen

Hi @FYJen, I will check the situation and come back with an update as soon as we can provide a relevant result. Thanks for your patience :)

anthogez avatar May 03 '20 18:05 anthogez

The badge https://snyk.io/test/github/rubyforgood/casa/badge.svg never loads although the repo exists in snyk and I can log into it. https://snyk.io/test/github/rubyforgood/casa https://github.com/rubyforgood/casa

When I go to the url https://snyk.io/test/github/rubyforgood/casa/badge.svg directly it does load though. Please help?

compwron avatar May 20 '20 17:05 compwron

I randomly face the same situation on my project: https://github.com/xmaysonnave/tiddlywiki-ipfs Here is a screenshot. snyk-badge-issue Thanks

xmaysonnave avatar May 24 '20 06:05 xmaysonnave

Thank you for reporting the issue. As I mentioned before, we are collecting the necessary context to create a proper long-term solution to resolve this issue.

Being transparent, we are not ignoring this problem :)

anthogez avatar May 24 '20 15:05 anthogez

@anthogez You're welcome. Keep up your good work?

xmaysonnave avatar May 25 '20 03:05 xmaysonnave

Hello, I am basically trying the same but with a Golang project using go.mod file, any special thing to do like using the target file? https://github.com/vittico/g-s-ca20201-micro

vittico avatar Jun 03 '20 17:06 vittico

Same deal for purpleteam repos, the badge usually only loads on refresh. Mostly small nodejs microservices https://github.com/purpleteam-labs/

image

It also doesn't appear to be cached, as it seems to happen every time someone visits the repo.

I also notice that the bug count is often incorrect.

binarymist avatar Mar 27 '21 23:03 binarymist

We have integrated our project (https://github.com/v6d-io/v6d) with snyk, but the badge is always "unknown".

snyk badge

sighingnow avatar May 28 '21 08:05 sighingnow

Simple fix, remove all Snyk badges, they're broken. That's what we've done.

binarymist avatar May 28 '21 23:05 binarymist