Add snyk for dependency vulnerability checking #496

sethbergman · 2017-09-11T02:52:13Z

Feature

Integrate snyk for dependency vulnerability checking

Why is this feature being added?

It automatically checks dependencies that have been identified as vulnerable.

What should your feature do?

Run a command in package.json for the snyk app to report the dependency vulnerabilities.
snyk badge -->

sethbergman · 2017-09-29T11:33:56Z

Snyk's wizard will:

Enumerate your local dependencies and query Snyk's servers for vulnerabilities
Guide you through fixing found vulnerabilities
Create a .snyk policy file to guide snyk commands such as test and protect
Remember your dependencies to alert you when new vulnerabilities are disclosed

Querying vulnerabilities database...

License issues are not supported by the wizard, use snyk ignore

Tested 380 dependencies for known vulnerabilities, found 4 vulnerabilities, 27 vulnerable paths.

Low severity vuln found in [email protected], introduced via [email protected]

desc: Regular Expression Denial of Service (ReDoS)
info: https://snyk.io/vuln/npm:debug:20170905
from: [email protected] > [email protected] > [email protected]

Remediation options (Use arrow keys)

❯ Re-install [email protected] (triggers upgrade to [email protected])
Patch (modifies files locally, updates policy for snyk protect runs)
Set to ignore for 30 days (updates policy)
Skip

sethbergman · 2018-02-02T11:44:52Z

This should be good to go. Thanks @gokaygurcan and @kylemh for your help with this. Sorry about the delay.

dmarchante · 2018-07-14T21:41:02Z

@kylemh @sethbergman Why is this still open, is there a reason?

kylemh · 2018-07-14T21:58:37Z

The PR that's open for this doesn't work, and it should. I was having a back-n-forth email conversation with people @ Snyk, but wasn't able to resolve the issue.

kylemh · 2018-10-01T08:46:59Z

Dependency security issues tracked via Greenkeeper in new repo

sethbergman added this to the User Profiles with oAuth, Resume building / importing and Data Visualization milestone Sep 11, 2017

sethbergman added Priority: High Status: In Progress Type: Feature/Redesign labels Sep 11, 2017

sethbergman removed this from the User Profiles with oAuth, Resume building / importing and Data Visualization milestone Sep 11, 2017

sethbergman self-assigned this Sep 11, 2017

sethbergman mentioned this issue Sep 29, 2017

Integrate Snyc for Vulnerability Tests #513

Closed

sethbergman added Needs: More Detail and removed Priority: High Status: In Progress labels Sep 30, 2017

kylemh added hacktoberfest Priority: Low and removed Needs: More Detail labels Oct 1, 2017

gokaygurcan mentioned this issue Oct 2, 2017

chore: add snyk integration #562

Closed

2 tasks

kylemh removed the hacktoberfest label Nov 11, 2017

sethbergman mentioned this issue Feb 2, 2018

chore: snyk integration testing #841

Open

sethbergman added Status: In Progress and removed Status: Available labels Feb 2, 2018

kylemh removed the Status: In Progress label Apr 11, 2018

kylemh closed this as completed Oct 1, 2018

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Add snyk for dependency vulnerability checking #496

Add snyk for dependency vulnerability checking #496

sethbergman commented Sep 11, 2017

sethbergman commented Sep 29, 2017

sethbergman commented Feb 2, 2018

dmarchante commented Jul 14, 2018

kylemh commented Jul 14, 2018

kylemh commented Oct 1, 2018

Add snyk for dependency vulnerability checking #496

Add snyk for dependency vulnerability checking #496

Comments

sethbergman commented Sep 11, 2017

Feature

Why is this feature being added?

What should your feature do?

sethbergman commented Sep 29, 2017

sethbergman commented Feb 2, 2018

dmarchante commented Jul 14, 2018

kylemh commented Jul 14, 2018

kylemh commented Oct 1, 2018