snyk-filter takes the JSON outputted from the Snyk CLI, e.g. snyk test --json
and applies custom filtering of the results, as well as options to fail your build.
Just a test
First, clone the repo. Then run
npm install -g
snyk-filter uses the node-jq
library, which requires that a jq
binary is installed. This typically happens transparently via npm install -g
, but on some systems JQ does not get properly installed locally. If you receive an error after installation regarding node-jq
, then jq
should be installed manually to avoid this error.
# install jq ahead of time (ubuntu example)
sudo apt-get install -y jq
# tell node-jq to skip trying to install it on its own
export NODE_JQ_SKIP_INSTALL_BINARY=true
# tell node-jq where the existing jq binary is
export JQ_PATH=$(which jq)
# finally, install snyk-filter (does not work with node version > 12)
sudo npm install -g
-
Implement your custom JQ filters in a .snyk-filter/snyk.yml file relative to your current working directory where you will be running snyk test from (see in sample-filters and tweak things from there - use JQPlay )
-
Then pipe your
snyk test --json
output intosnyk-filter
or use the-i
argument to input a json file. Use the-f
argument to point to the yml file containing your custom filters if you are not using the default location (.snyk-filter/snyk.yml). -
Return code of snyk-filter will be 0 for pass (no issues) and 1 for fail (issues found)
snyk test --json | snyk-filter
snyk test --json | snyk-filter -f /path/to/example-cvss-9-or-above.yml
snyk-filter -i snyk_results.json
snyk-filter -i snyk_results.json -f /path/to/example-high-upgradeable-vulns.yml
--json
to output json