Document snyk usage #3576

anselmbradford · 2017-11-09T15:33:09Z

Current behavior

snyk dependency is used for running npm run test, however, this requires an authenticated snyk account. (snyk test requires an authenticated account. Please run snyk auth and try again.). There is documentation on why snyk is in the project or how it should be setup.

The text was updated successfully, but these errors were encountered:

anselmbradford · 2018-04-18T20:28:23Z

@ascott1 Since we're trialling snyk.io accounts, is having a command in the project necessary?

ascott1 · 2018-04-20T18:36:10Z

Since we're trialling snyk.io accounts, is having a command in the project necessary?

I'd lean towards no, assuming we have a process for monitoring/resolving snyk alerts.

saracope · 2019-04-18T13:49:15Z

Is this still an issue you want help on? Wasn't sure based on the conversation above. Thanks!

anselmbradford · 2019-04-18T14:23:58Z

We could use a section in above https://cfpb.github.io/consumerfinance.gov/other-front-end-testing/#performance-testing for "Security testing" that lists running yarn test (formerly npm test) to run the snyk tests. We also have #2303, but looks like I ran into issues there.

anselmbradford added the documentation label Nov 9, 2017

anselmbradford changed the title ~~Document snyk~~ Document snyk usage Nov 9, 2017

anselmbradford mentioned this issue Feb 28, 2018

Add postinstall script for apps under cfgov-refresh #3831

Merged

anselmbradford added help wanted code.gov See https://github.com/GSA/code-gov/blob/master/HelpWanted.md labels Apr 18, 2018

wpears mentioned this issue Jul 16, 2019

Run npm test from gulp test #2303

Closed