GITBOOK-8624: vc-Check tables after GitBook update
VeronicaSnyk authored and gitbook-bot committed Dec 13, 2024
1 parent d4cc856 commit 999e06d
Showing 13 changed files with 127 additions and 109 deletions.
Original file line number Diff line number Diff line change
Expand Up @@ -8,10 +8,7 @@ Refer to the [.NET details](./) for supported package managers and features.

The following summarizes Snyk Open Source support for NuGet and Paket,

| Package managers Features | CLI support | Git support | License scanning | Fix PRs |
| ------------------------------------------------------ | ----------- | ----------- | ---------------- | ------- |
| [NuGet](https://www.nuget.org) | ✔︎ | ✔︎ | ✔︎ | ✔︎ |
| [Paket](https://fsprojects.github.io/Paket/index.html) | ✔︎ | | | |
<table><thead><tr><th>Package managers Features</th><th width="143">CLI support</th><th>SCM support</th><th>License scanning</th><th>Fix PRs</th></tr></thead><tbody><tr><td><a href="https://www.nuget.org">NuGet</a></td><td>✔︎</td><td>✔︎</td><td>✔︎</td><td>✔︎</td></tr><tr><td><a href="https://fsprojects.github.io/Paket/index.html">Paket</a></td><td>✔︎</td><td></td><td></td><td></td></tr></tbody></table>

Snyk does not support PackageReference without a version attribute. If your Project lacks this, Snyk may fail to open a PR for your Project.\
\
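
Review bot: The first header cell of the new HTML table reads "Package managers Features" with no separator, while the C/C++ table changed in this same commit uses "Package managers / Features"; since the header row is being rewritten here, use the same wording. The rename of the column from "Git support" to "SCM support" is a terminology change that the commit title ("Check tables after GitBook update") does not mention, so it should be called out in the message. The unchanged sentence above the table still ends in a comma ("for NuGet and Paket,") where a colon is expected.
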
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -19,7 +19,7 @@ For further information on .NET automated fixes, see the [Snyk blog](https://sny
## Build-time versus runtime dependencies

* **Build-time dependency**: Snyk understands build-time dependency to be resolved during build time and not susceptible to change at runtime.
* **Runtime dependency**: Snyk understands runtime dependency to be resolved against the installed runtime, for example, packages coming from the .NET framework (<=4) / .NET [runtime](https://docs.microsoft.com/en-us/dotnet/core/versions/selection?WT.mc\_id=DOP-MVP-5001511&) (for Core and .NET 5+) such as [`System.Net.Http`](https://www.nuget.org/packages/System.Net.Http) . Snyk sometimes refers to runtime dependencies as meta-packages.
* **Runtime dependency**: Snyk understands runtime dependency to be resolved against the installed runtime, for example, packages coming from the .NET framework (<=4) / .NET [runtime](https://docs.microsoft.com/en-us/dotnet/core/versions/selection?WT.mc_id=DOP-MVP-5001511&) (for Core and .NET 5+) such as [`System.Net.Http`](https://www.nuget.org/packages/System.Net.Http) . Snyk sometimes refers to runtime dependencies as meta-packages.

You can choose one of the following actions to address **vulnerabilities from runtime dependencies**. These vary between the SCM and the CLI.

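Review bot: The runtime link on the changed bullet still carries a tracking parameter and a dangling ampersand (`?WT.mc_id=DOP-MVP-5001511&`); now that the escaped underscore is being corrected, drop the query string so the link points at the plain docs URL. The same line also keeps a stray space before the period that follows the `System.Net.Http` link.
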
Expand Down Expand Up @@ -55,36 +55,51 @@ For framework support, see [Snyk Code - Supported languages and frameworks](../)

## Nuget

* **Target Frameworks**: Snyk identifies the target frameworks and presents results against each identified version using the git integration.
* **Development dependencies**: Snyk generally does not scan developer dependencies, as they are not usually pushed to production and are seen as "noise." \
Enable visibility in Nuget git import using the **Settings > Languages > .Net** settings (see [Git settings for .NET](./#git-settings-for-.net)). \
Snyk scans and fixes the build and `development Dependency` sections of your [`*.proj`](#user-content-fn-1)[^1], `packages.config` and `project.json` files
* **Lock files**: Currently, **packages-lock.json** is not supported. Snyk interacts with the build system to determine the installed dependencies.
* **PackageReference:** Snyk currently requires a version attribute. If your Project lacks this, Snyk may fail to open a PR for your Project.
* **Git analysis**
**Target Frameworks**: Snyk identifies the target frameworks and presents results against each identified version using the git integration.

How dependency trees are created:
**Development dependencies**: Snyk generally does not scan developer dependencies, as they are not usually pushed to production and are seen as "noise." \
Enable visibility in Nuget git import using the **Settings > Languages > .Net** settings (see [Git settings for .NET](./#git-settings-for-.net)). \
Snyk scans and fixes the build and `development Dependency` sections of your [`*.proj`](#user-content-fn-1)[^1], `packages.config` and `project.json` files

* For .NET Core, using the \*.proj files&#x20;
* For .NET Framework, using the \*.proj file, and packages.config
**Lock files**: Currently, **packages-lock.json** is not supported. Snyk interacts with the build system to determine the installed dependencies.

Git integrations support the following:&#x20;
**PackageReference:** Snyk currently requires a version attribute. If your Project lacks this, Snyk may fail to open a PR for your Project.

* \*.csproj&#x20;
* \*.fsproj
* \*.vbproj
* packages.config
**Git analysis**

Fix Pull Requests
How dependency trees are created:

* If you currently manage your Project dependencies with NuGet and leverage [`PackageReference`](https://docs.microsoft.com/en-us/nuget/consume-packages/package-references-in-project-files) or [`packages.config`](https://docs.microsoft.com/en-us/nuget/reference/packages-config) Snyk can automatically update the dependency version in your manifest file, provided there is an actual fix for it. You can then review and merge your fixes.
* **CLI Analysis**
* For .NET Core, using the \*.proj files&#x20;
* For .NET Framework, using the \*.proj file, and packages.config

The CLI supports the following config files:
SCM integrations support the following:&#x20;

| project.assets.json | packages.config |
| ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | ------------------------------------------------------------------------------------------- |
| <p></p><p>Snyk can scan project.assets.json to determine dependencies, but the file must be generated. Similarly, if you point to the solution file (.sln), you must generate the file first.</p><p></p><p>Run "<strong>dotnet restore"</strong> to generate the necessary <code>project.assets.json</code> before running the "<strong>snyk test</strong>" command.</p><p></p><p>The solution file contains pointers to the files necessary to perform the analysis. Note that the projects themselves must have <code>project.assets.json</code> files to be scanned. If you want Snyk to use the solution file as an entry point for scanning, you can point the Snyk CLI to the solution file by using <code>--file=&#x3C;filename>.sln</code>.</p><p></p><p>Where multiple target frameworks are used in the same Project, the CLI scan returns results for the first target framework declared in the Project.</p> | Run "**nuget install -OutputDirectory packages**" before running the **snyk test** command. |
* \*.csproj&#x20;
* \*.fsproj
* \*.vbproj
* packages.config

Fix Pull Requests

* If you currently manage your Project dependencies with NuGet and leverage [`PackageReference`](https://docs.microsoft.com/en-us/nuget/consume-packages/package-references-in-project-files) or [`packages.config`](https://docs.microsoft.com/en-us/nuget/reference/packages-config) Snyk can automatically update the dependency version in your manifest file, provided there is an actual fix for it. You can then review and merge your fixes.

**CLI Analysis**

The CLI supports the following config files:

**project.assets.json**

Snyk can scan project.assets.json to determine dependencies, but the file must be generated. Similarly, if you point to the solution file (.sln), you must generate the file first.

Run "**dotnet restore"** to generate the necessary `project.assets.json` before running the "**snyk test**" command.

The solution file contains pointers to the files necessary to perform the analysis. Note that the projects themselves must have `project.assets.json` files to be scanned. If you want Snyk to use the solution file as an entry point for scanning, you can point the Snyk CLI to the solution file by using `--file=<filename>.sln`.

Where multiple target frameworks are used in the same Project, the CLI scan returns results for the first target framework declared in the Project.

**packages.config**

Run "**nuget install -OutputDirectory packages**" before running the **snyk test** command.

{% hint style="info" %}
Runtime dependencies (provided by the runtime environment known as "meta-packages") are resolved more accurately in the CLI if the host machine uses a similar runtime SDK to the server running the app.
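
Review bot: Flattening the list loses the hierarchy under "Git analysis" and "CLI Analysis": "How dependency trees are created:", "SCM integrations support the following:" and "Fix Pull Requests" are now plain paragraphs at the same level as the bold labels, so a reader cannot tell which section they belong to. Suggest promoting "Git analysis" and "CLI Analysis" to sub-headings, or making "Fix Pull Requests" bold like the other labels. Terminology is also mixed after this change: the list intro now says "SCM integrations" while "Git analysis", "git integration" and "Nuget git import" remain on the added lines. Smaller points on the added lines: the bold markers in `"**dotnet restore"**` are misplaced relative to the quotes, the `&#x20;` entities are carried over, and the sentence ending "`project.json` files" has no period.
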
Expand All @@ -98,23 +113,19 @@ For more information on Paket support, see [Snyk for .NET](./).

## Other

Snyk provides custom test APIs for your unique dependency management strategies.

:link: [List issues for a package](https://apidocs.snyk.io/?version=2022-11-14#get-/orgs/-org\_id-/packages/-purl-/issues)&#x20;
Snyk provides custom test APIs for your unique dependency management strategies. navigate to the [List issues for a package](https://apidocs.snyk.io/?version=2022-11-14#get-/orgs/-org_id-/packages/-purl-/issues) page for more details.

## Build-time versus runtime dependencies

See [.NET](./) for more information
Navigate to the [.NET](./) page for more information.

## Snyk CLI tips and tricks

[CLI cheat sheet](https://snyk.io/blog/snyk-cli-cheat-sheet/)
Navigate to the [CLI cheat sheet](https://snyk.io/blog/snyk-cli-cheat-sheet/) page for more details.

## What to test&#x20;

Use the `--help` option in the CLI for details of Snyk CLI commands.

[CLI commands and options summary](../../snyk-cli/cli-commands-and-options-summary.md)
Use the `--help` option in the CLI for details of Snyk CLI commands. Navigate to the [CLI commands and options summary](../../snyk-cli/cli-commands-and-options-summary.md) page for more details.

### **Open Source libraries**

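Review bot: The merged sentence under "## Other" starts a new sentence in lower case ("strategies. navigate to the [List issues for a package]"); capitalize "Navigate". The unchanged heading "## What to test&#x20;" still carries an HTML entity that should be removed while this file is being cleaned up, and the API link pins `version=2022-11-14`, which is worth confirming is still the version the docs should point to.
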
Expand All @@ -135,7 +146,7 @@ Use the `snyk code test` command from the root of the Project to perform source

### Infrastructure as Code

[Infrastructure as Code security](https://snyk.io/product/infrastructure-as-code-security/)
Navigate to the [Infrastructure as Code security](https://snyk.io/product/infrastructure-as-code-security/) page for more details.

### **Helpful options and plugins**

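Review bot: The rewritten line under "### Infrastructure as Code" sends the reader to a product page (snyk.io/product/...) rather than telling them what to run, unlike the Snyk Code text in the hunk header, which names `snyk code test`. If a docs page for the IaC test command exists, link that instead so the "What to test" section stays actionable.
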
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -10,7 +10,7 @@ For IaC language support, see [Supported IaC languages, cloud providers, and clo

The following table lists supported languages and the availability of support for using each language with SCM integrations and Snyk CLI, IDE, and CI/CD. Navigate to each language page for more details.

<table><thead><tr><th width="308">Language</th><th width="204">Snyk Open Source</th><th width="210">Snyk Code</th><th data-hidden>SCM support</th><th data-hidden>Snyk CLI, IDE, CI/CD</th></tr></thead><tbody><tr><td><a href="apex.md">Apex</a></td><td><span data-gb-custom-inline data-tag="emoji" data-code="2716">✖️</span></td><td>✔️</td><td>✔️</td><td>✔️</td></tr><tr><td><a href="c-c++/">C/C++</a></td><td>✔️</td><td>✔️</td><td>For Snyk Code</td><td>✔️</td></tr><tr><td><a href="dart-and-flutter.md">Dart and Flutter</a></td><td>✔️</td><td><span data-gb-custom-inline data-tag="emoji" data-code="2716">✖️</span></td><td><span data-gb-custom-inline data-tag="emoji" data-code="2716">✖️</span></td><td><span data-gb-custom-inline data-tag="emoji" data-code="2716">✖️</span></td></tr><tr><td><a href="elixir.md">Elixir</a></td><td>✔️</td><td><span data-gb-custom-inline data-tag="emoji" data-code="2716">✖️</span></td><td><span data-gb-custom-inline data-tag="emoji" data-code="2716">✖️</span></td><td>✔️</td></tr><tr><td><a href="go/">Go</a></td><td>✔️</td><td>✔️</td><td>✔️</td><td>✔️</td></tr><tr><td><a href="java-and-kotlin/">Java and Kotlin</a></td><td>✔️</td><td>✔️</td><td>✔️</td><td>✔️</td></tr><tr><td><a href="javascript/">JavaScript</a></td><td>✔️</td><td>✔️</td><td>✔️</td><td>✔️</td></tr><tr><td><a href=".net/">.NET</a></td><td>✔️</td><td>✔️</td><td>✔️</td><td>✔️</td></tr><tr><td><a href="php/">PHP</a></td><td>✔️</td><td>✔️</td><td>✔️</td><td>✔️</td></tr><tr><td><a href="python/">Python</a></td><td>✔️</td><td>✔️</td><td>✔️</td><td>✔️</td></tr><tr><td><a href="ruby/">Ruby</a></td><td>✔️</td><td>✔️</td><td>✔️</td><td>✔️</td></tr><tr><td><a href="rust.md">Rust</a></td><td>✔️</td><td><span data-gb-custom-inline data-tag="emoji" data-code="2716">✖️</span></td><td><span data-gb-custom-inline data-tag="emoji" data-code="2716">✖️</span></td><td><span data-gb-custom-inline data-tag="emoji" data-code="2716">✖️</span></td></tr><tr><td><a 
href="scala/">Scala</a></td><td>✔️</td><td>✔️</td><td>✔️</td><td>✔️</td></tr><tr><td><a href="swift-and-objective-c/">Swift and Objective-C</a></td><td>✔️</td><td>✔️</td><td>✔️</td><td>✔️</td></tr><tr><td><a href="typescript.md">TypeScript</a></td><td>✔️</td><td>✔️</td><td>✔️</td><td>✔️</td></tr><tr><td><a href="vb.net.md">VB NET</a></td><td><span data-gb-custom-inline data-tag="emoji" data-code="2716">✖️</span></td><td>✔️</td><td>✔️</td><td>✔️</td></tr></tbody></table>
<table><thead><tr><th width="270">Language</th><th width="225">Snyk Open Source</th><th width="210">Snyk Code</th><th data-hidden>SCM support</th><th data-hidden>Snyk CLI, IDE, CI/CD</th></tr></thead><tbody><tr><td><a href="apex.md">Apex</a></td><td><span data-gb-custom-inline data-tag="emoji" data-code="2716">✖️</span></td><td>✔️</td><td>✔️</td><td>✔️</td></tr><tr><td><a href="c-c++/">C/C++</a></td><td>✔️</td><td>✔️</td><td>For Snyk Code</td><td>✔️</td></tr><tr><td><a href="dart-and-flutter.md">Dart and Flutter</a></td><td>✔️</td><td><span data-gb-custom-inline data-tag="emoji" data-code="2716">✖️</span></td><td><span data-gb-custom-inline data-tag="emoji" data-code="2716">✖️</span></td><td><span data-gb-custom-inline data-tag="emoji" data-code="2716">✖️</span></td></tr><tr><td><a href="elixir.md">Elixir</a></td><td>✔️</td><td><span data-gb-custom-inline data-tag="emoji" data-code="2716">✖️</span></td><td><span data-gb-custom-inline data-tag="emoji" data-code="2716">✖️</span></td><td>✔️</td></tr><tr><td><a href="go/">Go</a></td><td>✔️</td><td>✔️</td><td>✔️</td><td>✔️</td></tr><tr><td><a href="java-and-kotlin/">Java and Kotlin</a></td><td>✔️</td><td>✔️</td><td>✔️</td><td>✔️</td></tr><tr><td><a href="javascript/">JavaScript</a></td><td>✔️</td><td>✔️</td><td>✔️</td><td>✔️</td></tr><tr><td><a href=".net/">.NET</a></td><td>✔️</td><td>✔️</td><td>✔️</td><td>✔️</td></tr><tr><td><a href="php/">PHP</a></td><td>✔️</td><td>✔️</td><td>✔️</td><td>✔️</td></tr><tr><td><a href="python/">Python</a></td><td>✔️</td><td>✔️</td><td>✔️</td><td>✔️</td></tr><tr><td><a href="ruby/">Ruby</a></td><td>✔️</td><td>✔️</td><td>✔️</td><td>✔️</td></tr><tr><td><a href="rust.md">Rust</a></td><td>✔️</td><td><span data-gb-custom-inline data-tag="emoji" data-code="2716">✖️</span></td><td><span data-gb-custom-inline data-tag="emoji" data-code="2716">✖️</span></td><td><span data-gb-custom-inline data-tag="emoji" data-code="2716">✖️</span></td></tr><tr><td><a 
href="scala/">Scala</a></td><td>✔️</td><td>✔️</td><td>✔️</td><td>✔️</td></tr><tr><td><a href="swift-and-objective-c/">Swift and Objective-C</a></td><td>✔️</td><td>✔️</td><td>✔️</td><td>✔️</td></tr><tr><td><a href="typescript.md">TypeScript</a></td><td>✔️</td><td>✔️</td><td>✔️</td><td>✔️</td></tr><tr><td><a href="vb.net.md">VB NET</a></td><td><span data-gb-custom-inline data-tag="emoji" data-code="2716">✖️</span></td><td>✔️</td><td>✔️</td><td>✔️</td></tr></tbody></table>

## Package managers and frameworks

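Review bot: Only the column widths change here, but the table still marks the "SCM support" and "Snyk CLI, IDE, CI/CD" columns as `data-hidden`, while the unchanged sentence above says the table lists support "with SCM integrations and Snyk CLI, IDE, and CI/CD". Either show those columns or reword the sentence so it matches what is rendered. The link text "VB NET" also does not match its target `vb.net.md`.
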
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -6,7 +6,7 @@ Refer to the [C/C++ details ](./)for supported package managers and features.

Snyk features that support the management of open-source dependencies include the following:

<table><thead><tr><th width="267">Package managers / Features</th><th>CLI support</th><th>Git support</th><th>License scanning</th><th>Fix PRs</th></tr></thead><tbody><tr><td>C/C++</td><td>✔︎</td><td></td><td>✔︎</td><td></td></tr></tbody></table>
<table><thead><tr><th width="250">Package managers / Features</th><th>CLI support</th><th width="116">SCM support</th><th>License scanning</th><th>Fix PRs</th></tr></thead><tbody><tr><td>C/C++</td><td>✔︎</td><td></td><td>✔︎</td><td></td></tr></tbody></table>

For information about managing dependencies and licenses from your developer workflows through policy, see the following

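Review bot: The C/C++ row leaves the "SCM support" and "Fix PRs" cells empty, whereas the languages table in this same commit marks unsupported items with an explicit ✖️; pick one convention so an empty cell is not read as "unknown". The unchanged sentence below the table ("see the following") is also missing its closing colon.
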
Expand All @@ -19,8 +19,9 @@ To check compliance for open source licenses, see [Snyk License Compliance Manag

## IDE for C++ for open-source dependencies

IDE Under **Additional Parameters** in the IDE settings, enter the **--unmanaged** option to scan for C/C++ open source dependencies.
Scan for dependencies"><figcaption><p>Scan for dependencies</p></figcaption></figure>
IDE Under **Additional Parameters** in the IDE settings, enter the **--unmanaged** option to scan for C/C++ open source dependencies. Scan for dependencies">

Scan for dependencies

## Troubleshooting C++ for open source

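Review bot: The replacement lines drop `<figcaption>` and `</figure>` but keep the attribute residue `Scan for dependencies">` at the end of the sentence, followed by a bare "Scan for dependencies" paragraph, so as shown the figure markup is left unbalanced and the caption renders as stray text. Restore the complete figure element or remove the fragment entirely. The sentence also begins with a stray "IDE" ("IDE Under **Additional Parameters**").
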
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -45,13 +45,4 @@ The following features are supported in Snyk for Go:
| Snyk Open Source | Snyk Code |
| -------------------------------------------------- | ------------------------------------------------------------------------- |
| <ul><li>License scanning</li><li>Reports</li></ul> | <ul><li>Reports</li><li>Custom rules</li><li>Interfile analysis</li></ul> |
| | |
| | |



* License scanning&#x20;
* Custom rules
* Reports
* Interfile analysis

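Review bot: Removing the empty rows and the duplicated bullet list is fine, but this table stays a Markdown pipe table with `<ul><li>` lists embedded in its cells, while the other tables checked in this commit are HTML `<table>` elements. If the GitBook update is the reason for the conversion elsewhere, convert this one too so it renders the same way.
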
0 comments on commit 999e06d