Prevent feature for CLI tests
Essentially provides the ability to get the delta between 2 Snyk snapshots.
Particularly useful when running CLI-based scans, like in your local environment, git hooks, etc.\
Compares snapshots to give details about:
- New vulnerabilities not found in the baseline snapshot
- New license issues not found in the baseline snapshot
- Dependency delta between the 2 snaphots
- Direct Dependencies added and removed
- Indirect Dependencies added and removed
- Flag path(s) carrying new vulnerabilities
- Snyk Paid Account - Since it requires API usage, it therefore requires a paid account.
- Your project to be monitored
npm i -g snyk-delta
or
Grab a binary of your choice from the release page
-
Inline
-
snyk test --json --print-deps | snyk-delta -
Possibly point to a specific snapshot by specifying org+project coordinates
snyk test --json --print-deps | snyk-delta --baselineOrg xxx --baselineProject xxx
-
-
Standalone
- `snyk-delta --baselineOrg xxx --baselineProject xxx --currentOrg xxx --currentProject xxx
Note:
BaselineProject value is expected to be a UUID, not simply a name
Check your Snyk Web UI or API to retrieve those UUIDs.
import { getDelta } from 'snyk-delta'
const jsonResultsFromSnykTest = Read from file or pipe snyk test command
const result = await getDelta(jsonResultsFromSnykTest);
Result is a number:
- 0 for no new issue
- 1 for new issue(s) or when using strictMode and the unmonitored project has issues (see more details below in StrictMode)
- 2 for errors like invalid auth
Actual issue(s) details will be listed on stdout.
JSON output will be added soon.
-h to list help
When snyk-delta compares test results, it tries to find the same project, monitored on the Snyk platform. If no monitored project is found, is will return all the issues found by the CLI scan, essentially acting as pass through.
The return code will be 0 if no issue, 1 if issues.
Usage as a module requires list of issues coming from Snyk CLI. Currently not compatible with data coming straight from Snyk APIs.