feat: print warning message on app-vulns enablement
We want to notify customers about the upcoming change to scan app vulns
by default in the CLI. As such, this commit adds a warning message
whenever `container monitor` or `container test` is executed.
tommyknows committed Oct 3, 2022
1 parent 5d704e2 commit 9216c49
Showing 2 changed files with 37 additions and 12 deletions.
24 changes: 18 additions & 6 deletions src/cli/commands/monitor/index.ts
@@ -4,6 +4,7 @@ import * as Debug from 'debug';
import * as pathUtil from 'path';
import { legacyPlugin as pluginApi } from '@snyk/cli-interface';
import { checkOSSPaths } from '../../../lib/check-paths';
import * as theme from '../../../lib/theme';

import {
MonitorOptions,
@@ -50,6 +51,11 @@ import { processCommandArgs } from '../process-command-args';

const SEPARATOR = '\n-------------------------------------------------------\n';
const debug = Debug('snyk');
const appVulnsReleaseWarningMsg = `${theme.icon.WARNING} Important: Beginning January 24th, 2023, application dependencies in container
images will be scanned by default when using the snyk container test/monitor
commands. If you are using Snyk in a CI pipeline, action may be required. Read
https://snyk.io/blog/securing-container-applications-using-the-snyk-cli/ for
more info.`;

// This is used instead of `let x; try { x = await ... } catch { cleanup }` to avoid
// declaring the type of x as possibly undefined.
@@ -87,12 +93,18 @@ export default async function monitor(...args0: MethodArgs): Promise<any> {
throw new Error('`--remote-repo-url` is not supported for container scans');
}

// TODO remove once https://github.com/snyk/cli/pull/3433 is merged
if (
options.docker &&
(!options['app-vulns'] || options['exclude-app-vulns'])
) {
options['exclude-app-vulns'] = true;
// TODO remove 'app-vulns' options and warning message once
// https://github.com/snyk/cli/pull/3433 is merged
if (options.docker) {
if (!options['app-vulns'] || options['exclude-app-vulns']) {
options['exclude-app-vulns'] = true;
}

// we can't print the warning message with JSON output as that would make
// the JSON output invalid.
if (!options['app-vulns'] && !options['json']) {
console.log(theme.color.status.warn(appVulnsReleaseWarningMsg));
}
}

// Handles no image arg provided to the container command until
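Review bot: The warning added under `if (options.docker)` is printed with `console.log`, i.e. on stdout, and is suppressed only when `options['json']` is set, so a pipeline that consumes JSON gets no notice of the upcoming default at all, although CI users are the audience the message names. Sending it to stderr would make the `json` exception unnecessary: `if (!options['app-vulns']) { console.warn(theme.color.status.warn(appVulnsReleaseWarningMsg)); }`, assuming extra stderr output is acceptable to this CLI's consumers. The identical block in `src/cli/commands/test/index.ts` has the same issue, and there any other machine-readable format written to stdout (for example `--sarif`, if it reaches this path) would still have the text mixed into it. The body of `monitor` starts and ends outside the visible hunk.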
25 changes: 19 additions & 6 deletions src/cli/commands/test/index.ts
@@ -4,6 +4,7 @@ const cloneDeep = require('lodash.clonedeep');
const assign = require('lodash.assign');
import chalk from 'chalk';
import { MissingArgError } from '../../../lib/errors';
import * as theme from '../../../lib/theme';

import * as snyk from '../../../lib';
import { Options, TestOptions } from '../../../lib/types';
@@ -48,6 +49,12 @@ import { checkOSSPaths } from '../../../lib/check-paths';
const debug = Debug('snyk-test');
const SEPARATOR = '\n-------------------------------------------------------\n';

const appVulnsReleaseWarningMsg = `${theme.icon.WARNING} Important: Beginning January 24th, 2023, application dependencies in container
images will be scanned by default when using the snyk container test/monitor
commands. If you are using Snyk in a CI pipeline, action may be required. Read
https://snyk.io/blog/securing-container-applications-using-the-snyk-cli/ for
more info.`;

// TODO: avoid using `as any` whenever it's possible

export default async function test(
@@ -88,12 +95,18 @@ export default async function test(
throw new MissingArgError();
}

// TODO remove once https://github.com/snyk/cli/pull/3433 is merged
if (
options.docker &&
(!options['app-vulns'] || options['exclude-app-vulns'])
) {
options['exclude-app-vulns'] = true;
// TODO remove 'app-vulns' options and warning message once
// https://github.com/snyk/cli/pull/3433 is merged
if (options.docker) {
if (!options['app-vulns'] || options['exclude-app-vulns']) {
options['exclude-app-vulns'] = true;
}

// we can't print the warning message with JSON output as that would make
// the JSON output invalid.
if (!options['app-vulns'] && !options['json']) {
console.log(theme.color.status.warn(appVulnsReleaseWarningMsg));
}
}

const ecosystem = getEcosystemForTest(options);
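Review bot: The condition `!options['app-vulns'] && !options['json']` also fires for a user who explicitly set `exclude-app-vulns` (if that option is already accepted from the command line), who has opted out and presumably needs no action when the default changes. Because the statement just above forces `options['exclude-app-vulns'] = true`, the user's own choice can no longer be read at that point; capture it first with `const excludedByUser = !!options['exclude-app-vulns'];` and add `&& !excludedByUser` to the warning condition. The same applies to the block in `src/cli/commands/monitor/index.ts`. Separately, `appVulnsReleaseWarningMsg` is duplicated verbatim between the two files; a single export from a shared module would keep the date and link from drifting apart. `test` starts and ends outside the visible hunk.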
