
Commit 343ec4b

authored
Merge pull request #6350 from snyk/chore/CLI-1270_user_journey_UFM_sarif_tests
chore: add user-journey test for UFM SARIF rendering
2 parents 0e50fae + c3aa287 commit 343ec4b


4 files changed

+46
-3
lines changed


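--- a/cliv2/go.mod
+++ b/cliv2/go.mod
@@ -18,7 +18,7 @@ require (
 github.com/snyk/cli-extension-sbom v0.0.0-20251113132837-5f6cc6d0cb26
 github.com/snyk/container-cli v0.0.0-20250321132345-1e2e01681dd7
 github.com/snyk/error-catalog-golang-public v0.0.0-20251024131459-25bdd340f134
-github.com/snyk/go-application-framework v0.0.0-20251203150055-1d5045f0025a
+github.com/snyk/go-application-framework v0.0.0-20251204154041-f17021f1a502
 github.com/snyk/go-httpauth v0.0.0-20240307114523-1f5ea3f55c65
 github.com/snyk/snyk-iac-capture v0.6.5
 github.com/snyk/snyk-ls v0.0.0-20251202122720-659b8a92f4cd
@@ -71,6 +71,7 @@ require (
 github.com/charmbracelet/x/ansi v0.8.0 // indirect
 github.com/charmbracelet/x/cellbuf v0.0.13-0.20250311204145-2c3ea96c31dd // indirect
 github.com/charmbracelet/x/term v0.2.1 // indirect
+github.com/chzyer/readline v1.5.1 // indirect
 github.com/cloudflare/circl v1.6.1 // indirect
 github.com/cncf/xds/go v0.0.0-20241223141626-cff3c89139a3 // indirect
 github.com/containerd/console v1.0.3 // indirect
@@ -147,6 +148,7 @@ require (
 github.com/leodido/go-urn v1.2.4 // indirect
 github.com/lucasb-eyer/go-colorful v1.2.0 // indirect
 github.com/mailru/easyjson v0.9.0 // indirect
+github.com/manifoldco/promptui v0.9.0 // indirect
 github.com/mark3labs/mcp-go v0.43.0 // indirect
 github.com/mattn/go-colorable v0.1.14 // indirect
 github.com/mattn/go-isatty v0.0.20 // indirect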
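Review bot: The commit is titled as a test-only chore, yet this file changes the module graph of `cliv2`: the first hunk moves `go-application-framework` from the `…1d5045f0025a` pseudo-version to `…f17021f1a502`, and the second and third hunks add `github.com/chzyer/readline v1.5.1` and `github.com/manifoldco/promptui v0.9.0` as new indirect requirements. Nothing on the page states why the bump is needed or that two interactive-prompt modules are expected; presumably they arrive through the framework bump, but that is not visible here. I would record this in the description, e.g. `also bumps go-application-framework to f17021f1a502 (pulls in promptui/readline transitively)`, and confirm the origin with `go mod why -m github.com/manifoldco/promptui` before merging.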

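--- a/cliv2/go.sum
+++ b/cliv2/go.sum
@@ -735,8 +735,14 @@ github.com/charmbracelet/x/term v0.2.1 h1:AQeHeLZ1OqSXhrAWpYUtZyX1T3zVxfpZuEQMIQ
 github.com/charmbracelet/x/term v0.2.1/go.mod h1:oQ4enTYFV7QN4m0i9mzHrViD7TQKvNEEkHUMCmsxdUg=
 github.com/cheggaaa/pb v1.0.27/go.mod h1:pQciLPpbU0oxA0h+VJYYLxO+XeDQb5pZijXscXHm81s=
 github.com/chzyer/logex v1.1.10/go.mod h1:+Ywpsq7O8HXn0nuIou7OrIPyXbp3wmkHB+jjWRnGsAI=
+github.com/chzyer/logex v1.2.1 h1:XHDu3E6q+gdHgsdTPH6ImJMIp436vR6MPtH8gP05QzM=
+github.com/chzyer/logex v1.2.1/go.mod h1:JLbx6lG2kDbNRFnfkgvh4eRJRPX1QCoOIWomwysCBrQ=
 github.com/chzyer/readline v0.0.0-20180603132655-2972be24d48e/go.mod h1:nSuG5e5PlCu98SY8svDHJxuZscDgtXS6KTTbou5AhLI=
+github.com/chzyer/readline v1.5.1 h1:upd/6fQk4src78LMRzh5vItIt361/o4uq553V8B5sGI=
+github.com/chzyer/readline v1.5.1/go.mod h1:Eh+b79XXUwfKfcPLepksvw2tcLE/Ct21YObkaSkeBlk=
 github.com/chzyer/test v0.0.0-20180213035817-a1ea475d72b1/go.mod h1:Q3SI9o4m/ZMnBNeIyt5eFwwo7qiLfzFZmjNmxjkiQlU=
+github.com/chzyer/test v1.0.0 h1:p3BQDXSxOhOG0P9z6/hGnII4LGiEPOYBhs8asl/fC04=
+github.com/chzyer/test v1.0.0/go.mod h1:2JlltgoNkt4TW/z9V/IzDdFaMTM2JPIi26O1pF38GC8=
 github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw=
 github.com/cloudflare/circl v1.6.1 h1:zqIqSPIndyBh1bjLVVDHMPpVKqp8Su/V+6MeDzzQBQ0=
 github.com/cloudflare/circl v1.6.1/go.mod h1:uddAzsPgqdMAYatqJ0lsjX1oECcQLIlRpzZh3pJrofs=
@@ -1146,6 +1152,8 @@ github.com/lyft/protoc-gen-star v0.6.1/go.mod h1:TGAoBVkt8w7MPG72TrKIu85MIdXwDuz
 github.com/lyft/protoc-gen-star/v2 v2.0.1/go.mod h1:RcCdONR2ScXaYnQC5tUzxzlpA3WVYF7/opLeUgcQs/o=
 github.com/mailru/easyjson v0.9.0 h1:PrnmzHw7262yW8sTBwxi1PdJA3Iw/EKBa8psRf7d9a4=
 github.com/mailru/easyjson v0.9.0/go.mod h1:1+xMtQp2MRNVL/V1bOzuP3aP8VNwRW55fQUto+XFtTU=
+github.com/manifoldco/promptui v0.9.0 h1:3V4HzJk1TtXW1MTZMP7mdlwbBpIinw3HztaIlYthEiA=
+github.com/manifoldco/promptui v0.9.0/go.mod h1:ka04sppxSGFAtxX0qhlYQjISsg9mR4GWtQEhdbn6Pgg=
 github.com/mark3labs/mcp-go v0.43.0 h1:lgiKcWMddh4sngbU+hoWOZ9iAe/qp/m851RQpj3Y7jA=
 github.com/mark3labs/mcp-go v0.43.0/go.mod h1:YnJfOL382MIWDx1kMY+2zsRHU/q78dBg9aFb8W6Thdw=
 github.com/maruel/natural v1.1.1 h1:Hja7XhhmvEFhcByqDoHz9QZbkWey+COd9xWfCfn1ioo=
@@ -1312,8 +1320,8 @@ github.com/snyk/container-cli v0.0.0-20250321132345-1e2e01681dd7 h1:/2+2piwQtB9f
 github.com/snyk/container-cli v0.0.0-20250321132345-1e2e01681dd7/go.mod h1:38w+dcAQp9eG3P5t2eNS9eG0reut10AeJjLv5lJ5lpM=
 github.com/snyk/error-catalog-golang-public v0.0.0-20251024131459-25bdd340f134 h1:IKwMDrwicB07NDS+VrI6I8qowqdDpKI0nBEvMnbSu+w=
 github.com/snyk/error-catalog-golang-public v0.0.0-20251024131459-25bdd340f134/go.mod h1:Ytttq7Pw4vOCu9NtRQaOeDU2dhBYUyNBe6kX4+nIIQ4=
-github.com/snyk/go-application-framework v0.0.0-20251203150055-1d5045f0025a h1:B8g+xOyKix3n5cPuOsaR8NDZcZN5NzJFEd3zK6ukv1Y=
-github.com/snyk/go-application-framework v0.0.0-20251203150055-1d5045f0025a/go.mod h1:HXON5jD2A4GarLrQyUSLBGR7jJy7LfzzHmjdkLe3VCk=
+github.com/snyk/go-application-framework v0.0.0-20251204154041-f17021f1a502 h1:DLlpODN63pytLGpTby/9zvaf8m3mXWNQc1fEm/9Ul1E=
+github.com/snyk/go-application-framework v0.0.0-20251204154041-f17021f1a502/go.mod h1:T+dt4+4XFAJ4PmoGgt/hrx7LiY+vaz+m9V4UYe24Rpc=
 github.com/snyk/go-httpauth v0.0.0-20240307114523-1f5ea3f55c65 h1:CEQuYv0Go6MEyRCD3YjLYM2u3Oxkx8GpCpFBd4rUTUk=
 github.com/snyk/go-httpauth v0.0.0-20240307114523-1f5ea3f55c65/go.mod h1:88KbbvGYlmLgee4OcQ19yr0bNpXpOr2kciOthaSzCAg=
 github.com/snyk/policy-engine v1.1.0 h1:vFbFZbs3B0Y3XuGSur5om2meo4JEcCaKfNzshZFGOUs=
@@ -1667,6 +1675,7 @@ golang.org/x/sync v0.10.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk=
 golang.org/x/sync v0.18.0 h1:kr88TuHDroi+UVf+0hZnirlk8o8T+4MrK6mr60WkH/I=
 golang.org/x/sync v0.18.0/go.mod h1:9KTHXmSnoGruLpwFjVSX0lNNA75CykiMECbovNTZqGI=
 golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
+golang.org/x/sys v0.0.0-20181122145206-62eef0e2fa9b/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20190312061237-fead79001313/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
@@ -1731,6 +1740,7 @@ golang.org/x/sys v0.0.0-20220128215802-99c3d69c2c27/go.mod h1:oPkhp1MJrh7nUepCBc
 golang.org/x/sys v0.0.0-20220204135822-1c1b9b1eba6a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220209214540-3681064d5158/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220227234510-4e6760a101f9/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20220310020820-b874c991c1a5/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220328115105-d36c6a25d886/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220412211240-33da011f77ad/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220502124256-b6088ccd6cba/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=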

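--- a/test/jest/acceptance/cli-sarif-output.spec.ts
+++ b/test/jest/acceptance/cli-sarif-output.spec.ts
@@ -35,6 +35,17 @@ const TEST_CASES: Array<TestCase> = [
 target: join(__dirname, '../../fixtures/npm/with-vulnerable-lodash-dep'),
 env: { ...process.env },
 },
+{
+name: 'Snyk Open Source (UFM)',
+cmd: 'test --sarif --reachability',
+target: join(__dirname, '../../fixtures/npm/with-vulnerable-lodash-dep'),
+env: {
+...process.env,
+INTERNAL_SNYK_CLI_REACHABILITY_ENABLED: 'true',
+INTERNAL_SNYK_CLI_EXPERIMENTAL_RISK_SCORE: 'true',
+INTERNAL_SNYK_CLI_EXPERIMENTAL_RISK_SCORE_IN_CLI: 'true',
+},
+},
 {
 name: 'Snyk Code (native)',
 cmd: 'code test --sarif',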
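Review bot: The new 'Snyk Open Source (UFM)' case hard-codes three `INTERNAL_SNYK_CLI_*` switches with no comment saying what each one gates or which of them the `--reachability` SARIF path actually needs. The sibling spec changed in this commit takes its switches from `ReachabilityIntegrationEnv.env` instead; whether that helper carries the same three flags, or is importable from this file, is not visible here. If it does, `env: { ...process.env, ...ReachabilityIntegrationEnv.env },` would keep the two tests from drifting apart when a flag is renamed or retired. Otherwise I would put a one-line comment above the `env` block naming the feature each flag enables. The `TEST_CASES` array starts and ends outside this hunk.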

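--- a/test/jest/acceptance/snyk-test/reachability-user-journey.spec.ts
+++ b/test/jest/acceptance/snyk-test/reachability-user-journey.spec.ts
@@ -176,6 +176,26 @@ describe('snyk test --reachability', () => {
 expect(code).toBe(EXIT_CODES.VULNS_FOUND);
 });
 
+test('works with --sarif', async () => {
+const { stdout, code } = await runSnykCLI(
+`test ${TEMP_LOCAL_PATH} --reachability --sarif`,
+{
+env: {
+...process.env,
+...ReachabilityIntegrationEnv.env,
+},
+},
+);
+
+expect(stdout).not.toBe('');
+
+const sarifOutputJson = JSON.parse(stdout);
+expect(sarifOutputJson['$schema']).toBeDefined();
+expect(sarifOutputJson.runs[0].results.length).toBeGreaterThanOrEqual(1);
+
+expect(code).toBe(EXIT_CODES.VULNS_FOUND);
+});
+
 test('works with --json and --sarif-file-output', async () => {
 const tmppath = tmpdir();
 const sarifOutputPath = join(tmppath, 'test.sarif');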
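Review bot: In 'works with --sarif', `JSON.parse(stdout)` and `sarifOutputJson.runs[0].results.length` both run before the exit-code assertion, so if the CLI prints an error message instead of SARIF the test dies with a SyntaxError or TypeError and the real exit code is never reported. Moving `expect(code).toBe(EXIT_CODES.VULNS_FOUND);` to directly after the `runSnykCLI` call would surface the actual failure first. The content checks are also loose for a document that downstream scanners ingest: `$schema` is optional in SARIF 2.1.0 while `version` is required, so `expect(sarifOutputJson.version).toBe('2.1.0');` is the stronger assertion, assuming the CLI emits 2.1.0. The enclosing `describe` block starts and ends outside the hunk.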
