Skip to content
This repository has been archived by the owner on Jun 10, 2019. It is now read-only.

Add snyk for dependency vulnerability checking #496

Closed
sethbergman opened this issue Sep 11, 2017 · 5 comments · May be fixed by #841
Closed

Add snyk for dependency vulnerability checking #496

sethbergman opened this issue Sep 11, 2017 · 5 comments · May be fixed by #841

Comments

@sethbergman
Copy link
Member

Feature

Integrate snyk for dependency vulnerability checking

Why is this feature being added?

It automatically checks dependencies that have been identified as vulnerable.

What should your feature do?

  • Run a command in package.json for the snyk app to report the dependency vulnerabilities.

  • snyk badge --> Known Vulnerabilities

@sethbergman
Copy link
Member Author

Snyk's wizard will:

  • Enumerate your local dependencies and query Snyk's servers for vulnerabilities
  • Guide you through fixing found vulnerabilities
  • Create a .snyk policy file to guide snyk commands such as test and protect
  • Remember your dependencies to alert you when new vulnerabilities are disclosed

Querying vulnerabilities database...

License issues are not supported by the wizard, use snyk ignore

Tested 380 dependencies for known vulnerabilities, found 4 vulnerabilities, 27 vulnerable paths.

Remediation options (Use arrow keys)

  1. ❯ Re-install [email protected] (triggers upgrade to [email protected])
  2. Patch (modifies files locally, updates policy for snyk protect runs)
  3. Set to ignore for 30 days (updates policy)
  4. Skip

@sethbergman
Copy link
Member Author

This should be good to go. Thanks @gokaygurcan and @kylemh for your help with this. Sorry about the delay.

@dmarchante
Copy link
Contributor

@kylemh @sethbergman Why is this still open, is there a reason?

@kylemh
Copy link
Member

kylemh commented Jul 14, 2018

The PR that's open for this doesn't work, and it should. I was having a back-n-forth email conversation with people @ Snyk, but wasn't able to resolve the issue.

@kylemh
Copy link
Member

kylemh commented Oct 1, 2018

Dependency security issues tracked via Greenkeeper in new repo

@kylemh kylemh closed this as completed Oct 1, 2018
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.