feat: add flag to exclude app vulnerabilities #3874

Merged
merged 2 commits into from Oct 4, 2022

Conversation

@tommyknows tommyknows commented Sep 27, 2022

What does this PR do?

Although we already have a `--app-vulns` flag, the plan is to enable app-vulnerability scanning in containers by default. Before doing that, we want to give customers the opportunity to explicitly opt out of the change in the default by introducing a new flag `--exclude-app-vulns`. This flag will co-exist with the `--app-vulns` flag until it's enabled by default, at which point the `--app-vulns` flag can be removed.

Additionally (second commit) it adds a warning message regarding the app-vuln enablement:
[image: warning message screenshot]

How should this be manually tested?

Run `snyk container test` without the `--app-vulns` flag, where the message should show up. Add `--json` and see how the message magically disappears :)

What are the relevant tickets?

https://snyksec.atlassian.net/browse/MYC-163
https://snyksec.atlassian.net/browse/MYC-175

@tommyknows tommyknows requested a review from a team September 27, 2022 13:59
@tommyknows tommyknows requested review from a team as code owners September 27, 2022 13:59
github-actions bot commented Sep 27, 2022

Warnings
⚠️

Since the CLI is unifying on a standard and improved tooling, we're starting to migrate old-style imports and exports to ES6 ones.
A file you've modified is using either module.exports or require(). If you can, please update them to ES6 import syntax and export syntax.
Files found:

  • src/cli/commands/monitor/index.ts
  • src/cli/commands/test/index.ts

Generated by 🚫 dangerJS against 9216c49

@tommyknows tommyknows force-pushed the feat/no-app-vulns branch 3 times, most recently from 0f60525 to 6623a4a Compare September 28, 2022 11:40
@tommyknows tommyknows force-pushed the feat/no-app-vulns branch 2 times, most recently from 1979ad6 to acebdaa Compare September 29, 2022 13:13

Although we already have a `--app-vulns` flag, the plan is to enable
app-vulnerability scanning in containers by default. Before doing that,
we want to give customers the opportunity to explicitly opt-out of the
change in the default by introducing a new flag `--exclude-app-vulns`.
This flag will co-exist with the `--app-vulns` flag until it's enabled
by default, at which point the `--app-vulns` flag can be removed.

We want to notify customers about the upcoming change to scan app vulns
by default in the CLI. As such, this commit adds a warning message
whenever `container monitor` or `container test` is executed.

@tommyknows tommyknows merged commit 0f54465 into master Oct 4, 2022
@tommyknows tommyknows deleted the feat/no-app-vulns branch October 4, 2022 11:07
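
The flag transition this PR describes, modelled as an added TypeScript example (not code from the Snyk CLI): it shows why a pipeline that passes neither flag changes scan coverage when the default flips, while one that passes `--app-vulns` or `--exclude-app-vulns` does not. The function names, the notice wording, the rejection of contradictory flags, and showing the notice only when no explicit choice was made are assumptions of this sketch.

```typescript
// Added illustration, not Snyk CLI source: all identifiers here are hypothetical.
interface ContainerFlags {
  appVulns?: boolean; // --app-vulns: current opt-in
  excludeAppVulns?: boolean; // --exclude-app-vulns: opt-out added by this PR
  json?: boolean; // --json: machine-readable output
}

interface ScanDecision {
  scanAppVulns: boolean;
  notice: string | null; // human-readable warning, or null when suppressed
}

// Constructed wording; the PR shows the real message only as a screenshot.
const NOTICE =
  'Application vulnerability scanning will become the default for container ' +
  'commands; pass --exclude-app-vulns to keep it disabled.';

function resolveAppVulnScan(flags: ContainerFlags, scanByDefault: boolean): ScanDecision {
  // Assumption: contradictory flags are rejected rather than silently resolved,
  // so a pipeline never loses scan coverage without noticing.
  if (flags.appVulns && flags.excludeAppVulns) {
    throw new Error('--app-vulns and --exclude-app-vulns are mutually exclusive');
  }
  if (flags.excludeAppVulns) return { scanAppVulns: false, notice: null };
  if (flags.appVulns) return { scanAppVulns: true, notice: null };
  // No explicit choice: the result follows the release default. Assumption: the
  // notice is shown only before the flip, and never with --json so that
  // consumers parsing the JSON output are not broken.
  const notice = !scanByDefault && !flags.json ? NOTICE : null;
  return { scanAppVulns: scanByDefault, notice };
}

// True when a pipeline's scan coverage is the same before and after the flip.
function stableAcrossFlip(flags: ContainerFlags): boolean {
  const before = resolveAppVulnScan(flags, false).scanAppVulns;
  const after = resolveAppVulnScan(flags, true).scanAppVulns;
  return before === after;
}
```
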