diff --git a/README.md b/README.md
index c051667..260041a 100644
--- a/README.md
+++ b/README.md
@@ -65,4 +65,10 @@ Examples: team-name-a, team-name-b
 Specify a sub directory within the Git repository as the root directory for Snyk scanning.
 This is useful for repositories with submodules.
 
-Example: submodule-a, submodule-b
\ No newline at end of file
+Example: submodule-a, submodule-b
+
+### `subDirectory` (optional) (mainly for testing)
+Specify the specific package manager used for dependencies being tested.
+This is useful for scanning dependencies in monorepos.
+
+Example: pip
\ No newline at end of file
diff --git a/hooks/command b/hooks/command
index b17b2e7..e576558 100755
--- a/hooks/command
+++ b/hooks/command
@@ -85,11 +85,18 @@ then
 export SUB_DIRECTORY=$BUILDKITE_PLUGIN_SNYK_SUBDIRECTORY
 fi
 
+# package manager experimental flag
+if [[ -n "$BUILDKITE_PLUGIN_SNYK_PACKAGEMANAGER" ]];
+then
+ export PACKAGE_MANAGER=$BUILDKITE_PLUGIN_SNYK_PACKAGEMANAGER
+fi
+
 echo "Running command step!"
 DIR="$(cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd)"
 docker build -q ${DIR}/.. -t docker-snyk:latest
 docker run \
 -e SUB_DIRECTORY \
+-e PACKAGE_MANAGER \
 -e PLUGIN_NAME \
 -e METRICS_TOPIC_ARN \
 -e VERSION \
diff --git a/plugin.yml b/plugin.yml
index ff0372f..c2c60f6 100644
--- a/plugin.yml
+++ b/plugin.yml
@@ -26,6 +26,8 @@ configuration:
 type: boolean
 subDirectory:
 type: string
+ packageManager:
+ type: string
 required:
 - org
 - language
\ No newline at end of file
diff --git a/snyk.py b/snyk.py
index 9308e51..f0b29cd 100644
--- a/snyk.py
+++ b/snyk.py
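Review bot: The comment `# package manager experimental flag` on the new block in hooks/command says neither where the value goes nor that it is forwarded unvalidated, and this hook is the single point where pipeline configuration enters the Snyk image, so that is where a reader needs to see it. Suggest `# Optional packageManager override: passed as-is into the container, where snyk.py appends it to the CLI as --packageManager (only when non-empty)`. The unconditional `-e PACKAGE_MANAGER` on the docker run line works only because a bare `-e NAME` whose variable is unset on the host is omitted by docker, which is why the conditional export above suffices; a short note on that would save the next reader a check. The `docker run` command continues past the end of the hunk, and the `if` block for SUB_DIRECTORY opens before it.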
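Review bot: `packageManager` is declared as a free-form `string` in plugin.yml although the value is one of Snyk's package-manager identifiers (the README example is `pip`) and snyk.py passes it straight to the CLI; an `enum:` here would reject typos at pipeline-validation time instead of at scan time, e.g. `packageManager:` / `type: string` / `enum: [pip]`, extended with whichever identifiers the image's Snyk CLI actually accepts. Separately, the README hunk in this same commit documents this option under a heading that still reads "### `subDirectory` (optional) (mainly for testing)"; it should read "### `packageManager` (optional)" so the docs match the key added here.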
@@ -29,6 +29,7 @@
 ORG = os.environ['ORG']
 NPM_TOKEN = os.environ['NPM_TOKEN'] if 'NPM_TOKEN' in os.environ else ''
 SUB_DIRECTORY = os.environ['SUB_DIRECTORY'] if 'SUB_DIRECTORY' in os.environ else ''
+ PACKAGE_MANAGER = os.environ['PACKAGE_MANAGER'] if 'PACKAGE_MANAGER' in os.environ else ''
 BLOCK = False if 'BLOCK' in os.environ and 'false' in os.environ['BLOCK'] else True
 PATH = os.environ['DEPENDENCY_PATH'] if 'DEPENDENCY_PATH' in os.environ else ''
 SEVERITY = os.environ['SEVERITY'] if 'SEVERITY' in os.environ else ''
@@ -117,6 +118,9 @@ def snyk_test():
 command.append('--file={}'.format(PATH))
 if SCAN_DEV_DEPS:
 command.append('--dev')
+ if PACKAGE_MANAGER:
+ command.append(f'--packageManager={PACKAGE_MANAGER}')
+
 response = subprocess.run(command, stdout=subprocess.PIPE)
 results = json.loads(response.stdout.decode())
 results_seen = {
@@ -194,6 +198,9 @@ def snyk_monitor():
 command.append('--file={}'.format(PATH))
 if SCAN_DEV_DEPS:
 command.append('--dev')
+ if PACKAGE_MANAGER:
+ command.append(f'--packageManager={PACKAGE_MANAGER}')
+
 response = subprocess.run(command, stdout=subprocess.PIPE)
 result = json.loads(response.stdout.decode())
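Review bot: The added `PACKAGE_MANAGER = …` line appears with a leading space in this diff while the neighbouring constants start at column 0; if that is the file content rather than a rendering artifact it is an `IndentationError` at module level, so it is worth confirming before merge. The `os.environ['X'] if 'X' in os.environ else ''` form matches the surrounding lines, so keeping it here is the right call even though `os.environ.get('PACKAGE_MANAGER', '')` is the usual idiom; converting the whole run at once would be a separate change. This hunk is a run of module-level assignments, not part of a function.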
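Review bot: In `snyk_test` the new `--packageManager=` argument is appended straight from the environment with no validation, and the `subprocess.run` result two lines below is parsed with `json.loads(response.stdout.decode())` without looking at `response.returncode`; a value the Snyk CLI does not recognise will therefore most likely surface as a `JSONDecodeError` (if the CLI's error output is not JSON) rather than a message naming the bad option. Building `command` as a list means there is no shell injection here, so this is about failing clearly, not safety. Either check the value before appending, e.g. `if PACKAGE_MANAGER not in SUPPORTED_PACKAGE_MANAGERS: raise SystemExit(f'unsupported packageManager: {PACKAGE_MANAGER!r}')` with the set defined next to the module constants, or, once the exit-code contract of the CLI in the image is confirmed, reject CLI failures before parsing. Mixing `'--file={}'.format(PATH)` with the new f-string on adjacent lines is a small inconsistency; f-strings are evidently available, so the older line could follow suit. `snyk_test` starts before and continues after this hunk.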
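Review bot: With this hunk the same three optional-flag checks (`--file`, `--dev`, `--packageManager`) are duplicated verbatim between `snyk_test` and `snyk_monitor`, so the next option will again have to be added in two places and can drift. A small module-level helper returning the shared list, with `command.extend(_shared_cli_args())` in both functions, would keep them in step; the guard around the `--file` line opens before this hunk, so the helper's condition for it should be lifted from the original rather than guessed. `snyk_monitor` starts before and continues after this hunk.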