Support multiple "package file" types in a single run

[jessehouwing]

In .NET projects it's common to have both a packages.config and a project.json. It would be nice if we could specify multiple "files to scan" when running snyk or snyk automatically detecting all applicable files in the current directory.

These two dependency files are generally used to:

• Bring in front-end javascript dependencies through npm
• Bring in back-end and rendering extensions to ASP.NET MVC through NuGet

[jessehouwing]

I'd love to be able to pass Snyk a (list of) project files using a glob. Or even a list of full paths and then I can do the globbing myself. Being able to pass in a Visual Studio Solution file would also work ;).

Then have them all be tested, monitored in a single run. That way I can test a complete Visual Studio solution, which, in the end, delivers a single packaged application.

It makes more sense to be able to monitor the whole, instead of each individual sub-project.

[adrukh]

@jessehouwing 👋

With our .NET support released in December 2017 we made some decisions and improvements on our CLI. Namely:

• Solution scanning & snapshotting is available with snyk test --file=Solution.sln or snyk monitor --file=Solution.sln. This runs a separate test for each project path mentioned in the solution file.
• Better support for multiple paths scanning in one go: snyk test path1 path2 path3, where pathN is a path to a project folder (not a manifest file). Each path's manifest file will be auto-detected (doesn't have to be the same across all paths).
• To force the CLI to a specific manifest file in all paths: snyk test --file=packages.config path1 path2 path3
• What we still don't have is the ability to test explicit different manifest files in a single command. Not seeing a reason not to support this, but cannot promise a specific timeline yet.

Hope this helps, let me know how you get along!

[jessehouwing]

Absolutely. I'll see if I can add this behavior to the VSTS tasks. I'd love it if the commandline help would show [path] [path...] or similar to make this more configurable. Similar for snyk help files, which doesn't list the solution option. On 30 Mar 2018 12:44, "Anton Drukh" <notifications@github.com> wrote: @jessehouwing <https://github.com/jessehouwing> 👋 With our .NET support released in December 2017 <https://snyk.io/blog/announcing-net-go-php/> we made some decisions and improvements on our CLI. Namely: - Solution scanning & snapshotting is available with snyk test --file=Solution.sln or snyk monitor --file=Solution.sln. This runs a separate test for each project path mentioned in the solution file. - Better support for multiple paths scanning in one go: snyk test path1 path2 path3, where pathN is a path to a project folder (not a manifest file). Each path's manifest file will be auto-detected (doesn't have to be the same across all paths). - To force the CLI to a specific manifest file in all paths: snyk test --file=packages.config path1 path2 path3 - What we still don't have is the ability to test explicit different manifest files in a single command. Not seeing a reason not to support this, but cannot promise a specific timeline yet. Hope this helps, let me know how you get along! — You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub <#142 (comment)>, or mute the thread <https://github.com/notifications/unsubscribe-auth/AD-uS3VaVM2C66jsLuMQNG-Zh4SxQK9cks5tjgx9gaJpZM4TBdMw> .

[adrukh]

I'd be forever grateful if you could suggest a PR to our CLI help - https://github.com/snyk/snyk/tree/master/help

🙏