snyk-filter takes the JSON outputted from the Snyk CLI, e.g. snyk test --json and applies custom filtering of the results, as well as options to fail your build.
This repository is in maintenance mode, no new features are being developed. Bug & security fixes will continue to be delivered. Open source contributions are welcome for small features & fixes (no breaking changes)
npm i -g snyk-filter
snyk-filter uses the node-jq library, which requires that a jq binary is installed. This typically happens transparently via npm install -g, but on some systems JQ does not get properly installed locally. If you receive an error after installation regarding node-jq, then jq should be installed manually to avoid this error.
# install jq ahead of time (ubuntu example)
sudo apt-get install -y jq
# tell node-jq to skip trying to install it on its own
export NODE_JQ_SKIP_INSTALL_BINARY=true
# tell node-jq where the existing jq binary is
export JQ_PATH=$(which jq)
# finally, install snyk-filter (does not work with node version > 12)
sudo npm install -g
-
Implement your custom JQ filters in a .snyk-filter/snyk.yml file relative to your current working directory where you will be running snyk test from (see in sample-filters and tweak things from there - use JQPlay )
-
Then pipe your
snyk test --jsonoutput intosnyk-filteror use the-iargument to input a json file. Use the-fargument to point to the yml file containing your custom filters if you are not using the default location (.snyk-filter/snyk.yml). -
Return code of snyk-filter will be 0 for pass (no issues) and 1 for fail (issues found)
snyk test --json | snyk-filter
snyk test --json | snyk-filter -f /path/to/example-cvss-9-or-above.yml
snyk-filter -i snyk_results.json
snyk-filter -i snyk_results.json -f /path/to/example-high-upgradeable-vulns.yml
--json to output json