feat: dep graph json output #5610

Draft
wants to merge 1 commit into
base: main

gitphill
Contributor

@gitphill gitphill commented Dec 3, 2024

Pull Request Submission Checklist

  • Follows CONTRIBUTING guidelines
  • Includes detailed description of changes
  • Contains risk assessment (Low | Medium | High)
  • Highlights breaking API changes (if applicable)
  • Links to automated tests covering new functionality
  • Includes manual testing instructions (if necessary)
  • Updates relevant GitBook documentation (PR link: ___)

What does this PR do?

To help diagnose problems during dependency resolution and surface details
on what dependencies have been detected during the plugin inspect phase.

Changes dependency JSON output for snyk test and snyk container test.
When using either --json or --json-file-output together with
--print-deps attaches a depGraph property to the output JSON.

Previously using --json and --print-deps together would produce
invalid JSON.

Prevent any warning logs from invalidating JSON output when --json
is being used.

Where should the reviewer start?

How should this be manually tested?
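
Why two JSON documents on stdout break a consumer, and a fail-closed way to read the single-document output, as an added example (not code from this PR or from the Snyk CLI). The function names and sample strings are constructed for illustration; only the `depGraph` property name comes from the description above.

```javascript
// Added example: fail-closed reader for CLI stdout that must be ONE JSON document.
// Function names and sample strings are constructed; only `depGraph` is from the PR.

// Split stdout into its top-level JSON objects/arrays, rejecting any stray text.
function splitJsonDocuments(text) {
  const docs = [];
  let depth = 0, start = 0, inString = false, escaped = false;
  for (let i = 0; i < text.length; i++) {
    const ch = text[i];
    if (inString) {               // braces inside string values must not count
      if (escaped) escaped = false;
      else if (ch === '\\') escaped = true;
      else if (ch === '"') inString = false;
      continue;
    }
    if (depth === 0 && !/[\s{\[]/.test(ch)) {
      throw new Error(`non-JSON text on stdout at offset ${i}`); // e.g. a warning log
    }
    if (ch === '"') inString = true;
    else if (ch === '{' || ch === '[') { if (depth++ === 0) start = i; }
    else if ((ch === '}' || ch === ']') && --depth === 0) {
      docs.push(JSON.parse(text.slice(start, i + 1)));
    }
  }
  if (depth !== 0 || inString) throw new Error('truncated JSON on stdout');
  return docs;
}

// Accept the scan result only when stdout holds exactly one document.
function readScanResult(stdout) {
  const docs = splitJsonDocuments(stdout);
  if (docs.length !== 1) {
    throw new Error(`expected 1 JSON document, found ${docs.length}`);
  }
  return docs[0];
}

// Constructed samples (not real snyk output).
const TWO_DOCS = '{"name":"demo","dependencies":{}}\n{"vulnerabilities":[]}\n';
const ONE_DOC = '{"vulnerabilities":[],"depGraph":{"pkgs":[]}}\n';
const WITH_WARNING = 'warning: something\n{"vulnerabilities":[]}\n';

for (const [label, out] of Object.entries({ TWO_DOCS, ONE_DOC, WITH_WARNING })) {
  try {
    console.log(label, 'ok, depGraph present:', 'depGraph' in readScanResult(out));
  } catch (err) {
    console.log(label, 'rejected:', err.message);
  }
}
```

A pipeline gate that treats a parse failure as "no findings" fails open on the two-document form, which is why the reader throws instead of returning a partial result.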

@gitphill gitphill force-pushed the feat/dep-graph-json-file-output branch 2 times, most recently from a1f9df6 to 1eaec7e Compare December 4, 2024 11:03
@gitphill gitphill changed the title from "Feat/dep graph json file output" to "feat: dep graph json output" Dec 4, 2024
@gitphill gitphill self-assigned this Dec 4, 2024
Changes dependency JSON output for snyk test and snyk container test.
When using either `--json` or `--json-file-output` together with
`--print-deps` attaches a `depGraph` property to the output JSON.

Previously using `--json` and `--print-deps` together would produce
invalid JSON.

Prevent any warning logs from invalidating JSON output when `--json`
is being used.
@gitphill gitphill force-pushed the feat/dep-graph-json-file-output branch from 1eaec7e to 3d7c9ec Compare December 5, 2024 11:03
'--print-deps --json option not yet supported for large projects. Displaying graph json output instead',
);
// TODO @boost: add as output graphviz 'dot' file to visualize?
console.log(jsonStringifyLargeObject(depGraph.toJSON()));
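
Review bot: the `console.log(jsonStringifyLargeObject(depGraph.toJSON()))` on the last line writes the graph to stdout, the same stream that carries the `--json` result, so any path that still reaches it emits a second top-level JSON document and the combined output does not parse. Since the description says the graph is now attached as a `depGraph` property, confirm this branch cannot run when `--json` or `--json-file-output` is set, and make sure the call that emits the 'not yet supported for large projects' message (its opening line is not shown here) writes to stderr rather than stdout. The `TODO @boost` comment carries no issue reference; link one or drop it.
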
Contributor Author

this is a potentially breaking change, if anyone was using --print-deps with --json on a project with more than 40k vulnerable paths, and also working around the fact that we produce invalid JSON 😅

if (options['print-deps']) {
if (options.json) {
// Will produce 2 JSON outputs, one for the deps, one for the vuln scan.
console.log(jsonStringifyLargeObject(rootPackage));
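
Review bot: the in-code comment 'Will produce 2 JSON outputs, one for the deps, one for the vuln scan' describes stdout that no JSON parser accepts as a single document, and `console.log(jsonStringifyLargeObject(rootPackage))` is the line that emits the first of the two. If the graph is now attached as `depGraph`, this comment and the direct write should both go, and a regression test should run with `--json` and `--print-deps`, parse stdout once, and assert that the `depGraph` property is present. Consumers that read the `rootPackage` tree from the first document will see a different shape, so fill in the 'Highlights breaking API changes' item in the checklist with that detail.
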
Contributor Author

this is a potentially breaking change if anyone was using --print-deps with --json on a project with less than 40k paths and has implemented a depTree JSON parser, and also working around the fact that we produce invalid JSON 😅
