Skip to content
This repository was archived by the owner on Jun 10, 2019. It is now read-only.

chore: add snyk integration #562

Closed
wants to merge 0 commits into from
Closed

chore: add snyk integration #562

wants to merge 0 commits into from

Conversation

gokaygurcan
Copy link

Hi,

I finished these two:

  • Run a command in package.json for the snyk app to report the dependency vulnerabilities.
  • snyk badge

But when I ran snyk test, it found 9 vulnerabilities and 46 vulnerable paths. I'm not sure if they are in the scope of this issue. Please let me know if you want me to update those packages.

Thanks,
G.

Closes #496

@kylemh
Copy link
Member

kylemh commented Oct 2, 2017
edited
Loading

Looks like Travis is unhappy with this integration. I don't see that you've made any mistakes, but I'll need reviews from our Infra and Backend team. They're a bit in flux atm, but we'll get your PR merged ASAP assuming we can do so with no further work on your end.

@mwagz
Copy link
Contributor

mwagz commented Oct 2, 2017

Looks like it doesn't know what snyk is. I'm wondering if you have snyk installed globally, but the project isn't aware of it.

yarn test v0.24.4
$ snyk test && node scripts/test.js --env=jsdom 
sh: 1: snyk: not found
error Command failed with exit code 127.
make: *** [test] Error 1

We might just need to npm install snyk --save-dev here, but maybe the infrastructure team will have more insight.

@gokaygurcan
Copy link
Author

Ah! You're right. Since I have it installed globally, I didn't have any problem with the command. Adding it as a dev dependency in a minute.

@kylemh
Copy link
Member

kylemh commented Oct 3, 2017

Travis still is not pleased, and the log is not helpful at all hahaha

@gokaygurcan
Copy link
Author

gokaygurcan commented Oct 3, 2017
edited
Loading

I checked the logs, it says snyk test requires an authenticated account. Please run "snyk auth" and try again. and I don't have that kind of access. It looks like, someone needs to follow these steps to setup Travis to work with Snyk: https://snyk.io/docs/ci

And a blog post about it: https://blog.travis-ci.com/2017-04-20-continuous-security-snyk-travis-ci/

Please let me know if there's more I can do. But at this point, I don't know how I can help more.

@kylemh
Copy link
Member

kylemh commented Oct 3, 2017

We'll merge this as soon as we are able, @gokaygurcan

@sethbergman
Copy link
Member

This just needs a snyk account created by an organization admin. That's all.

@kylemh
Copy link
Member

kylemh commented Jan 23, 2018

@gokaygurcan believe it or not I'm still on this... Trying to get environment variables to work. Everything is up to date. Will merge soon.

@gokaygurcan
Copy link
Author

Hi @kylemh,
Thanks for informing me, I'm also getting notifications and keep tracking the progress. I hope it'll land on master soon and you'll start using it.

Good luck! In case you need me, I'm just a mention away ;)

@sethbergman sethbergman self-requested a review February 2, 2018 09:38
@sethbergman sethbergman closed this Feb 2, 2018
@sethbergman
Copy link
Member

I unintentionally closed this by pushing to your master branch @gokaygurcan. All of your contributions will carry over into the upcoming PR. Since the earlier comments indicate closes #496, it automatically closed the issue and PR.

@sethbergman sethbergman removed their request for review February 2, 2018 11:11
@sethbergman sethbergman mentioned this pull request Feb 2, 2018
Open
@gokaygurcan
Copy link
Author

Hi,
no worries. Glad that it worked in the end ;)

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@gokaygurcan @kylemh @mwagz @sethbergman