snyk-filter takes the JSON outputted from the Snyk CLI, e.g. snyk test --json and applies custom filtering of the results, as well as options to fail your build.
This repository is not in active developemnt and critical bug fixes only will be considered.
npm i -g snyk-filter
snyk-filter uses the node-jq library, which requires that a jq binary is installed. This typically happens transparently via npm install -g, but on some systems JQ does not get properly installed locally. If you receive an error after installation regarding node-jq, then jq should be installed manually to avoid this error.
# install jq ahead of time (ubuntu example)
sudo apt-get install -y jq
# tell node-jq to skip trying to install it on its own
export NODE_JQ_SKIP_INSTALL_BINARY=true
# tell node-jq where the existing jq binary is
export JQ_PATH=$(which jq)
# finally, install snyk-filter (does not work with node version > 12)
sudo npm install -g
-
Implement your custom JQ filters in a .snyk-filter/snyk.yml file relative to your current working directory where you will be running snyk test from (see in sample-filters and tweak things from there - use JQPlay )
-
Then pipe your
snyk test --jsonoutput intosnyk-filteror use the-iargument to input a json file. Use the-fargument to point to the yml file containing your custom filters if you are not using the default location (.snyk-filter/snyk.yml). -
Return code of snyk-filter will be 0 for pass (no issues) and 1 for fail (issues found)
snyk test --json | snyk-filter
snyk test --json | snyk-filter -f /path/to/example-cvss-9-or-above.yml
snyk-filter -i snyk_results.json
snyk-filter -i snyk_results.json -f /path/to/example-high-upgradeable-vulns.yml
--json to output json