feat: dep graph json output #5610
a1f9df6 to 1eaec7e
Changes dependency JSON output for `snyk test` and `snyk container test`. When using either `--json` or `--json-file-output` together with `--print-deps`, attach a `depGraph` property to the output JSON. Previously, using `--json` and `--print-deps` together would produce invalid JSON. Prevent any warning logs from invalidating JSON output when `--json` is being used.
1eaec7e to 3d7c9ec
'--print-deps --json option not yet supported for large projects. Displaying graph json output instead', | ||
); | ||
// TODO @boost: add as output graphviz 'dot' file to visualize? | ||
console.log(jsonStringifyLargeObject(depGraph.toJSON())); |
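Review bot: If the message ending 'Displaying graph json output instead' is written to stdout, it lands ahead of the `console.log(jsonStringifyLargeObject(depGraph.toJSON()))` output two lines below, and a consumer parsing stdout as JSON fails on it. The call that emits the message is not visible in these lines; confirm it writes to stderr or is suppressed under `--json`, and consider a test that parses the whole of stdout as one JSON document for the large-project path.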
this is a potentially breaking change, if anyone was using `--print-deps` with `--json` on a project with more than 40k vulnerable paths, and also working around the fact that we produce invalid JSON 😅
if (options['print-deps']) { | ||
if (options.json) { | ||
// Will produce 2 JSON outputs, one for the deps, one for the vuln scan. | ||
console.log(jsonStringifyLargeObject(rootPackage)); |
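Review bot: The comment 'Will produce 2 JSON outputs' under `if (options.json)` describes two top-level documents on one stdout stream, which a strict JSON parser rejects as a whole. The visible condition also tests only `options.json`, while the description covers `--json-file-output` too; a test asserting exactly one parseable document for each of those flags combined with `--print-deps` would pin down the intended behaviour.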
this is a potentially breaking change if anyone was using `--print-deps` with `--json` on a project with less than 40k paths and has implemented a depTree JSON parser, and also working around the fact that we produce invalid JSON 😅
Pull Request Submission Checklist
What does this PR do?
To help diagnose problems during dependency resolution and surface details
on what dependencies have been detected during the plugin inspect phase.
Changes dependency JSON output for `snyk test` and `snyk container test`.

When using either `--json` or `--json-file-output` together with `--print-deps`, attach a `depGraph` property to the output JSON.

Previously, using `--json` and `--print-deps` together would produce invalid JSON.

Prevent any warning logs from invalidating JSON output when `--json` is being used.
Where should the reviewer start?
How should this be manually tested?
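An added example, not part of the pull request or the project's code: a check that a pipeline consuming `--json` output could run on captured stdout to fail closed when it holds anything other than one JSON document. The function names and sample strings are constructed for illustration; only the `depGraph` property name comes from the description above.

```javascript
// Split captured stdout into top-level JSON documents and stray text.
// Assumption: stray text (e.g. a warning line) contains no '{' or '['.
function splitTopLevel(text) {
  const docs = [], stray = [];
  let depth = 0, inString = false, escaped = false, start = 0, strayStart = 0;
  for (let i = 0; i < text.length; i++) {
    const ch = text[i];
    if (inString) {                       // skip braces inside JSON strings
      if (escaped) escaped = false;
      else if (ch === '\\') escaped = true;
      else if (ch === '"') inString = false;
      continue;
    }
    if (depth > 0 && ch === '"') { inString = true; continue; }
    if (ch === '{' || ch === '[') {
      if (depth === 0) {
        const gap = text.slice(strayStart, i).trim();
        if (gap) stray.push(gap);         // text before a document
        start = i;
      }
      depth++;
    } else if ((ch === '}' || ch === ']') && depth > 0) {
      if (--depth === 0) {
        docs.push(text.slice(start, i + 1));
        strayStart = i + 1;
      }
    }
  }
  const tail = text.slice(strayStart).trim();
  if (tail) stray.push(tail);             // includes an unterminated document
  return { docs, stray };
}

// Accept only stdout that is exactly one parseable JSON document.
function checkJsonOutput(stdout) {
  const { docs, stray } = splitTopLevel(stdout);
  let ok = docs.length === 1 && stray.length === 0;
  let parsed = null;
  if (ok) {
    try { parsed = JSON.parse(docs[0]); } catch { ok = false; }
  }
  return { ok, documents: docs.length, stray, parsed };
}

// Constructed samples, not real tool output.
const SINGLE = '{"ok":false,"vulnerabilities":[],"depGraph":{"pkgs":[]}}\n';
const TWO_DOCS = '{"name":"app","dependencies":{}}\n{"ok":false,"vulnerabilities":[]}\n';
const WARNED = 'constructed warning line\n{"ok":true}\n';
```

A consumer that only calls `JSON.parse` on such output throws on the second and third samples; this check additionally reports how many documents and which stray lines were found.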