Snyk used in GitHub projects #717

Closed
sourabhsparkala opened this issue Oct 25, 2021 · 1 comment · Fixed by #860
@sourabhsparkala
Member

The GitHub project uses Snyk for code analysis and sometimes creates a PR with the suggestion.

Things to do:

  • Check if information can be extracted from GitHub PRs, if Snyk is used in the project.
  • Check if Snyk configuration exists within the project.

More information can be found at https://snyk.io/blog/getting-started-snyk-for-secure-python-development/

@sourabhsparkala sourabhsparkala added the poc Proof of concept label Oct 25, 2021
@ManjunathMS35
Contributor

Snyk can be a SAST tool and a dependency checker:

Whether a GitHub project uses Snyk can be found by checking the:

  1. Existence of a policy file (.snyk), which can be in the root directory or any folder
  2. Commits done by snyk-bot
  3. Snyk Action config in .github folder
  4. CI yaml config file containing Snyk CLI scans config

Sample Golang open source repos: https://github.com/gofiber/fiber , https://github.com/openfga/openfga , https://github.com/Unity-Technologies/go-svrquery

@sourabhsparkala sourabhsparkala added this to the 1.10.0 milestone Aug 17, 2022
ManjunathMS35 added a commit that referenced this issue Aug 17, 2022
sourabhsparkala pushed a commit to sourabhsparkala/fosstars-rating-core that referenced this issue Sep 1, 2022
sourabhsparkala pushed a commit to sourabhsparkala/fosstars-rating-core that referenced this issue Sep 26, 2022
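
The four checks listed in the comment above, applied to a local checkout. This is an added example, not code from the thread or from the project's implementation; the function names, the regular expressions and the sample repository are assumptions made for illustration, and commit author names are passed in rather than read from git so the sketch runs offline.

```python
import os
import re
import tempfile
from pathlib import Path

# `uses: snyk/actions/<lang>@<ref>` in a workflow file (indicator 3).
ACTION_RE = re.compile(r"uses:\s*['\"]?snyk/actions\b")
# `snyk test`, `snyk monitor`, `snyk code test`, ... in CI YAML (indicator 4).
CLI_RE = re.compile(r"\bsnyk\s+(?:(?:code|container|iac)\s+)?(?:test|monitor)\b")

def detect_snyk(repo_root, commit_authors=()):
    """Report which of the four indicators from the thread are present."""
    root = Path(repo_root)
    found = dict.fromkeys(
        ("policy_file", "snyk_bot_commits", "github_action", "ci_cli_scan"), False)
    # Indicator 2: author names, e.g. collected with `git log --format=%an`.
    found["snyk_bot_commits"] = any(a.strip().lower() == "snyk-bot" for a in commit_authors)
    for dirpath, dirnames, filenames in os.walk(root):
        dirnames[:] = [d for d in dirnames if d != ".git"]  # skip git internals
        in_github = Path(dirpath).relative_to(root).parts[:1] == (".github",)
        for name in filenames:
            found["policy_file"] |= name == ".snyk"  # indicator 1: any folder
            if not name.endswith((".yml", ".yaml")):
                continue
            text = Path(dirpath, name).read_text(encoding="utf-8", errors="replace")
            # Drop YAML comments so a disabled "# snyk test" does not count.
            body = "\n".join(line.split(" #")[0] for line in text.splitlines()
                             if not line.lstrip().startswith("#"))
            found["github_action"] |= bool(in_github and ACTION_RE.search(body))
            found["ci_cli_scan"] |= bool(CLI_RE.search(body))
    return found

def build_sample_repo(base):
    """Write a constructed checkout (not a real project) for the demo."""
    files = {
        "services/api/.snyk": "# constructed sample policy\nignore: {}\n",
        ".github/workflows/security.yml":
            "jobs:\n  scan:\n    steps:\n      - uses: snyk/actions/golang@master\n",
        ".travis.yml": "script:\n  # snyk test\n  - go test ./...\n",
    }
    for rel, content in files.items():
        path = Path(base, rel)
        path.parent.mkdir(parents=True, exist_ok=True)
        path.write_text(content, encoding="utf-8")
    return Path(base)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        print(detect_snyk(build_sample_repo(tmp), ["alice", "snyk-bot"]))
```

A git author name is free text that anyone can set, so a `snyk-bot` commit is weak evidence on its own and is best weighed together with the file-based indicators.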