Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Integrating Snyk Analysis Tool #88

Open
wants to merge 7 commits into
base: f24
Choose a base branch
from
Open

Integrating Snyk Analysis Tool #88

wants to merge 7 commits into from
+280 −1

Conversation

njouud
Copy link

@njouud njouud commented Oct 30, 2024
edited
Loading

Pull request for integrating snyk, a static security analysis tool, with the codebase. Snyk scans the dependencies of the codebase for vulnerabilities (security risks) and provides code security analysis on the app.snyk.io website.

1. Process:

  • Installed the tool withnpm install -g snyk, then made a snyk account with snyk auth to be able to run tests, then finally snyk test to run the test scan, where the output is given in the terminal (screenshots below).
  • Copied the Snyk API key and stored it in github secrets under Actions of this repository
  • Created the below files

2. Changed files:
package.json: manually added the tool in the dev dependencies with "snyk": "1.1293.1".
install/package.json: manually added the tool in dev dependencies with "snyk": "^1.1294.0" to address NPM install error.
.snyk: created a new file in the root of the application to add the dependencies snyk should ignore (with specifying the reason for ignoring).
.github/workflows/snyk.yaml: file to integrate Snyk in the github actions workflow, specifying the severity threshold of vulnerability risks to test (high vulnerability) and the frequency of running tests (every PR).

3. Terminal output screenshots (after resolving vulnerabilities by updating):
Screenshot 2024-10-31 at 10 33 41 PM

@coveralls
Copy link

coveralls commented Oct 30, 2024
edited
Loading

Pull Request Test Coverage Report for Build 11617396577

Warning: This coverage report may be inaccurate.

This pull request's base commit is no longer the HEAD commit of its target branch. This means it includes changes from outside the original pull request, including, potentially, unrelated coverage changes.

Details

  • 0 of 0 changed or added relevant lines in 0 files are covered.
  • No unchanged relevant lines lost coverage.
  • Overall coverage remained the same at 82.367%
Totals Coverage Status
Change from base Build 11530671628: 0.0%
Covered Lines: 22368
Relevant Lines: 25711
💛 - Coveralls

@njouud njouud changed the title Adding snyk.yaml file Integrating Snyk Analysis Tool Oct 31, 2024
@njouud njouud requested a review from rkensouh October 31, 2024 19:31
@njouud njouud self-assigned this Oct 31, 2024
rkensouh
rkensouh reviewed Nov 1, 2024
View reviewed changes
Copy link

@rkensouh rkensouh left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good, ready for merging.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@rkensouh rkensouh rkensouh left review comments

Assignees

@njouud njouud

Labels
Testing tool integration
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@njouud @coveralls @rkensouh