
Integrating Snyk Analysis Tool (attempt 2) #91

Merged
merged 7 commits into from
Nov 1, 2024

Conversation


@njouud njouud commented Nov 1, 2024

Pull request for integrating snyk, a static security analysis tool, with the codebase. Snyk scans the dependencies of the codebase for vulnerabilities (security risks) and provides code security analysis on the app.snyk.io website.

This is a second attempt; the first was pull request #88, which failed deployment. That could have been due to the earlier commits having edited .gitignore and commented out package.json.

1. Process:

  • Installed the tool with npm install -g snyk, then made a Snyk account with snyk auth to be able to run tests, then finally ran snyk test to run the test scan, where the output is given in the terminal (screenshot below).
  • Copied the Snyk API key and stored it in github secrets under Actions of this repository
  • Created the below files

2. Changed files:

  • install/package.json: manually added the tool in dev dependencies with "snyk": "^1.1294.0" to address an NPM install error.
  • .install/snyk: created a new file to add the dependencies Snyk should ignore (specifying the reason for ignoring each one). It has to be in the same directory as package.json, so it was added under install.
  • .github/workflows/snyk.yaml: file to integrate Snyk in the GitHub Actions workflow, specifying the severity threshold of vulnerability risks to test (high vulnerability) and the frequency of running tests (every PR).

3. Terminal output screenshots (after resolving vulnerabilities by updating):
[Screenshot: terminal output of snyk test, 2024-10-31]
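As an added example (not the PR's own files, which are not reproduced in this thread), the two files the description refers to are shown below in a single fence, separated by comment headers: a GitHub Actions workflow that runs snyk test on every pull request with the high severity threshold, and the .snyk policy file that records each ignored finding with a reason and an expiry date. The secret name SNYK_TOKEN, the checkout/npm ci steps, the policy version header and the ignore entry are assumptions; the Snyk issue id is a placeholder, not a real finding.

```yaml
# --- .github/workflows/snyk.yaml (added example; names below are assumptions) ---
name: Snyk dependency scan

# Run on every pull request, matching the frequency the PR description specifies.
on:
  pull_request:

# Least privilege: the scan only needs to read the checked-out tree.
permissions:
  contents: read

jobs:
  snyk:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4

      # Snyk resolves the dependency tree from the lockfile / node_modules,
      # so install first. Assumes install/package-lock.json exists.
      - name: Install dependencies
        run: npm ci
        working-directory: install

      # Official Snyk action for Node projects. SNYK_TOKEN is the API key the
      # PR stored under the repository's Actions secrets; the secret name
      # SNYK_TOKEN is an assumption (the PR does not state it).
      # --severity-threshold=high makes the step fail only on high and
      # critical findings; lower ones are still reported on app.snyk.io.
      - name: Run Snyk test
        uses: snyk/actions/node@master
        env:
          SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
        with:
          args: --file=install/package.json --severity-threshold=high

# --- install/.snyk (policy file; must sit beside install/package.json) ---
# Every ignore carries a written reason and an expiry, so a temporary
# exception cannot silently become permanent. The issue id is a placeholder.
version: v1.25.0
ignore:
  'SNYK-JS-PLACEHOLDER-000000':
    - '*':
        reason: 'Affected code path is not reachable in this application (example reason)'
        expires: 2025-01-31T00:00:00.000Z
```

Two practical caveats: GitHub does not expose repository secrets to pull_request runs triggered from forks, so the Snyk step will fail to authenticate on fork PRs and only works as described for branches within this repository; and because the policy file lives next to the manifest, a finding ignored there disappears from CI output, so the expiry is what forces the entry to be revisited.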

@njouud njouud self-assigned this Nov 1, 2024

coveralls commented Nov 1, 2024

Pull Request Test Coverage Report for Build 11635732097

Details

  • 0 of 0 changed or added relevant lines in 0 files are covered.
  • No unchanged relevant lines lost coverage.
  • Overall coverage increased (+0.005%) to 82.372%

Totals Coverage Status
Change from base Build 11634384123: 0.005%
Covered Lines: 22369
Relevant Lines: 25711

💛 - Coveralls

@njouud njouud requested review from hibaabdullahhamad and Procos12 and removed request for hibaabdullahhamad November 1, 2024 20:16

@Procos12 Procos12 left a comment


Looks good
Snyk yaml and related package files are in order
Ready to merge and test

@njouud njouud merged commit 1bc0860 into f24 Nov 1, 2024
2 checks passed