From b77bddde465b9754c9a1acd89d4843d478025869 Mon Sep 17 00:00:00 2001 From: Jessica Wagantall Date: Mon, 6 Mar 2023 13:30:43 -0800 Subject: [PATCH] Fix: Allow SNYK scanner to take additional options Add SNYK_CLI_OPTIONS parameter which can be used to pass additional Snyk CLI options as per https://docs.snyk.io/snyk-cli/cli-reference. Signed-off-by: Jessica Wagantall Change-Id: I7fb8157a263d03f3780beb044e2e7c5093c2877b --- docs/jjb/lf-maven-jobs.rst | 1 + jjb/lf-maven-jobs.yaml | 5 +++++ releasenotes/notes/add-maven-snyk-cli-options-92c8508767f05a61.yaml | 5 +++++ shell/snyk-cli-scanner-run.sh | 4 ++-- 4 files changed, 13 insertions(+), 2 deletions(-) create mode 100644 releasenotes/notes/add-maven-snyk-cli-options-92c8508767f05a61.yaml diff --git a/docs/jjb/lf-maven-jobs.rst b/docs/jjb/lf-maven-jobs.rst index be166c16..e9b7ddec 100644 --- a/docs/jjb/lf-maven-jobs.rst +++ b/docs/jjb/lf-maven-jobs.rst @@ -215,6 +215,7 @@ Builds the code, downloads and runs a Snyk CLI scan of the code into the Snyk da :mvn-opts: Sets MAVEN_OPTS to start up the JVM running Maven. (default: '') :mvn-params: Parameters to pass to the mvn CLI. (default: '') :mvn-version: Version of maven to use. (default: mvn35) + :snyk-cli-options: Additional Snyk CLI options. (default: '') :stream: Keyword that represents a release code-name. Often the same as the branch. (default: master) :submodule-recursive: Whether to checkout submodules recursively. diff --git a/jjb/lf-maven-jobs.yaml b/jjb/lf-maven-jobs.yaml index 73a4744f..84d31e86 100644 --- a/jjb/lf-maven-jobs.yaml +++ b/jjb/lf-maven-jobs.yaml @@ -316,6 +316,7 @@ mvn-opts: "" mvn-params: "" mvn-version: mvn35 + snyk-cli-options: "" snyk-token-credential-id: snyk-token snyk-org-credential-id: snyk-org stream: master @@ -336,6 +337,10 @@ mvn-opts: "{mvn-opts}" mvn-params: "{mvn-params}" mvn-version: "{mvn-version}" + - string: + name: SNYK_CLI_OPTIONS + default: "{snyk-cli-options}" + description: Additional Snyk CLI commands and options - string: name: ARCHIVE_ARTIFACTS default: "{archive-artifacts}" diff --git a/releasenotes/notes/add-maven-snyk-cli-options-92c8508767f05a61.yaml b/releasenotes/notes/add-maven-snyk-cli-options-92c8508767f05a61.yaml new file mode 100644 index 00000000..28b797a4 --- /dev/null +++ b/releasenotes/notes/add-maven-snyk-cli-options-92c8508767f05a61.yaml @@ -0,0 +1,5 @@ +--- +fixes: + - | + Add SNYK_CLI_OPTIONS parameter which can be used to pass additional Snyk + CLI options as per https://docs.snyk.io/snyk-cli/cli-reference. diff --git a/shell/snyk-cli-scanner-run.sh b/shell/snyk-cli-scanner-run.sh index 63ba1cd3..7e42784d 100644 --- a/shell/snyk-cli-scanner-run.sh +++ b/shell/snyk-cli-scanner-run.sh @@ -22,5 +22,5 @@ snyk --version echo "Authenticate with SNYK_TOKEN..." snyk auth "$SNYK_CLI" echo "Running Snyk CLI..." -snyk test --json --severity-threshold=low --org="$SNYK_ORG" -snyk monitor --severity-threshold=low --org="$SNYK_ORG" +snyk test --json --severity-threshold=low "$SNYK_CLI_OPTIONS" --org="$SNYK_ORG" +snyk monitor --severity-threshold=low "$SNYK_CLI_OPTIONS" --org="$SNYK_ORG" -- 2.16.6