Commit 5fb1392

Merge pull request #477 from snyk-tech-services/feat/revert_axios_version_change

feat: revert axios vuln fixes

TomJMayne authored Mar 6, 2024
2 parents 8fc7baa + ee13115 commit 5fb1392
Showing 15 changed files with 192 additions and 87 deletions.
2 changes: 2 additions & 0 deletions .circleci/config.yml
@@ -18,6 +18,8 @@ jobs:
- run: npm install
- run: npm test
- run: npx tsc
- run: npm run pkg-binaries-linux
- run: ./snyk-api-import-linux help
build-test-from-fork:
docker:
- image: circleci/node:12
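Review bot: the smoke test added after `npx tsc` only exercises the Linux binary (`npm run pkg-binaries-linux` followed by `./snyk-api-import-linux help`), while `.releaserc` in this same PR also ships macOS, Alpine and Windows binaries; since the reason for the revert is that a dependency change broke binary packaging, consider building at least the Alpine target in CI as well, as it is the one most likely to diverge, and keep in mind that `help` exiting 0 catches bundling failures but not runtime-only breakage in the import path. Also confirm that `pkg-binaries-linux` exists as a script in package.json, which is not among the hunks shown here.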
81 changes: 80 additions & 1 deletion .releaserc
@@ -1,10 +1,89 @@
{
"prepare": [
"@semantic-release/npm",
{
"//": "adds a file to identify a build as a standalone binary",
"path": "@semantic-release/exec",
"cmd": "echo '' > dist/STANDALONE"
},
{
"//": "build the macos",
"path": "@semantic-release/exec",
"cmd": "npx [email protected] dist/index.js -r './dist/**/*.js' -t mac-x64-12.18.2 -o snyk-api-import-macos"
},
{
"//": "build the linux",
"path": "@semantic-release/exec",
"cmd": "npx [email protected] dist/index.js -r './dist/**/*.js' -t linux-x64-12.16.2 -o snyk-api-import-linux"
},
{
"//": "build the alpine",
"path": "@semantic-release/exec",
"cmd": "npx [email protected] dist/index.js -r './dist/**/*.js' -t alpine-x64-12.9.1 -o snyk-api-import-alpine"
},
{
"//": "build the windows binaries",
"path": "@semantic-release/exec",
"cmd": "npx [email protected] dist/index.js -r './dist/**/*.js' -t windows-x64-12.18.2 -o snyk-api-import-win.exe"
},
{
"//": "shasum all binaries",
"path": "@semantic-release/exec",
"cmd": "shasum -a 256 snyk-api-import-linux > snyk-api-import-linux.sha256 && shasum -a 256 snyk-api-import-macos > snyk-api-import-macos.sha256 && shasum -a 256 snyk-api-import-win.exe > snyk-api-import-win.exe.sha256 && shasum -a 256 snyk-api-import-alpine > snyk-api-import-alpine.sha256"
},
{
"//": "removes the file we use to identify a build as a standalone binary",
"path": "@semantic-release/exec",
"cmd": "rm dist/STANDALONE"
}
],
"publish": [
"@semantic-release/npm",
"path": "@semantic-release/github"
{
"path": "@semantic-release/github",
"assets": [
{
"path": "./snyk-api-import-linux",
"name": "snyk-api-import-linux",
"label": "snyk-api-import-linux"
},
{
"path": "./snyk-api-import-linux.sha256",
"name": "snyk-api-import-linux.sha256",
"label": "snyk-api-import-linux.sha256"
},
{
"path": "./snyk-api-import-alpine",
"name": "snyk-api-import-alpine",
"label": "snyk-api-import-alpine"
},
{
"path": "./snyk-api-import-alpine.sha256",
"name": "snyk-api-import-alpine.sha256",
"label": "snyk-api-import-alpine.sha256"
},
{
"path": "./snyk-api-import-macos",
"name": "snyk-api-import-macos",
"label": "snyk-api-import-macos"
},
{
"path": "./snyk-api-import-macos.sha256",
"name": "snyk-api-import-macos.sha256",
"label": "snyk-api-import-macos.sha256"
},
{
"path": "./snyk-api-import-win.exe",
"name": "snyk-api-import-win.exe",
"label": "snyk-api-import-win.exe"
},
{
"path": "./snyk-api-import-win.exe.sha256",
"name": "snyk-api-import-win.exe.sha256",
"label": "snyk-api-import-win.exe.sha256"
}
]
}
],
"branches": ["master"]
}
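Review bot: the four `pkg` invocations in `prepare` target three different Node 12 patch releases (`mac-x64-12.18.2`, `linux-x64-12.16.2`, `alpine-x64-12.9.1`, `windows-x64-12.18.2`); pin them to a single runtime so every platform ships the same embedded Node and all four move together when it is bumped. The `shasum -a 256` step publishes each checksum as a release asset next to the binary it covers, so a user can detect a corrupted download but not a tampered release, because whoever can replace the binary can replace the `.sha256` file on the same channel; if authenticity matters, sign the checksum files or the binaries with a key held outside the release pipeline and document the verification step in the README. Minor: the first entry of `publish` keeps `"@semantic-release/npm"`, so the npm package continues to be published alongside the GitHub release; confirm that is intended now that the README steers users to the binaries.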
10 changes: 10 additions & 0 deletions .snyk
@@ -7,4 +7,14 @@ ignore:
reason: there is no fix available
expires: 2023-12-30T17:38:57.751Z
created: 2023-11-30T17:38:57.755Z
SNYK-JS-AXIOS-6032459O:
- '*':
reason: vuln fix broke binary packaging
expires: 2024-04-05T16:28:10.379Z
created: 2024-03-06T16:28:10.387Z
SNYK-JS-AXIOS-6144788O:
- '*':
reason: vuln fix broke binary packaging
expires: 2024-04-05T16:28:56.455Z
created: 2024-03-06T16:28:56.463Z
patch: {}
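Review bot: the two new ignore keys, `SNYK-JS-AXIOS-6032459O` and `SNYK-JS-AXIOS-6144788O`, end in a letter `O`; Snyk issue IDs are otherwise numeric after the package name, so if the intended IDs are `...6032459` and `...6144788` these rules will not match and `snyk test` will keep failing on the axios findings. Separately, each entry uses the wildcard path `'*'` with reason "vuln fix broke binary packaging" and a 30-day expiry (2024-04-05); that is an accepted-risk entry for the axios fixes this PR reverts out of the published binaries, so link a follow-up issue to re-apply the fix with a `pkg`-compatible axios before the expiry, and consider narrowing the path to the axios dependency chain instead of suppressing the finding everywhere. The preceding context entry already expired on 2023-12-30 and could be removed in the same change.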
24 changes: 22 additions & 2 deletions README.md
@@ -39,15 +39,33 @@ If you need to adjust concurrency you can stop the script, change the concurrenc
- [AWS automation example](docs/example-workflows/aws-automation-example.md)

# Installation
`snyk-api-import` CLI can be installed through multiple channels.

Snyk snyk-api-import CLI is available as an [npm package](https://www.npmjs.com/package/snyk-api-import).
## Standalone executables (macOS, Linux, Windows)

Ensure you have [node.js installed](https://nodejs.org/en/learn/getting-started/how-to-install-nodejs), the `snyk-api-import` can then be installed by running:
Use [GitHub Releases](https://github.com/snyk-tech-services/snyk-api-import/releases) to download a standalone executable of Snyk CLI for your platform.

## More installation methods

<details>
<summary>Install with npm or Yarn</summary>

### Install with npm or Yarn

[Snyk snyk-api-import CLI is available as an npm package](https://www.npmjs.com/package/snyk-api-import). If you have Node.js installed locally, you can install it by running:

```bash
npm install snyk-api-import@latest -g
```

or if you are using Yarn:

```bash
yarn global add snyk-api-import
```

</details>

# Usage
By default the `import` command will run if no command specified.
- `import` - kick off a an API powered import of repos/targets into existing Snyk orgs defined in [import configuration file](./docs/import.md). 100% support available for all project types supported via [Import API](https://snyk.docs.apiary.io/#reference/import-projects/import/import-targets).
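Review bot: the new Standalone executables paragraph says to "download a standalone executable of Snyk CLI", but the releases link points at snyk-api-import, a different tool; reword to "of snyk-api-import". The same paragraph should tell users how to verify what they downloaded: `.releaserc` in this PR publishes a `.sha256` asset beside each binary, so add the matching `shasum -a 256 -c snyk-api-import-<platform>.sha256` step (and a `chmod +x` for the macOS and Linux binaries), otherwise the checksum assets serve no purpose. Note also that the removed lines pointed users at installing Node.js, while the retained `<details>` block still documents `npm install snyk-api-import@latest -g`, so the npm path remains supported and should be presented as the alternative for anyone who does not want an unsigned binary.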
@@ -91,3 +109,5 @@ The logs can be explored using [Bunyan CLI](http://trentm.com/node-bunyan/bunyan
snyk-api-import supports 100% of the same integration types and project sources as the <a href="https://snyk.docs.apiary.io/#reference/import-projects/import/import-targets">Import API documentation</a>. If an example is not in the docs for your use case please see the API documentation
</p>
</details>


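Review bot: this hunk only appends two blank lines after the closing `</details>` at the end of README.md; drop the trailing-whitespace churn so the diff stays limited to the installation changes.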
7 changes: 3 additions & 4 deletions docs/example-workflows/aws-automation-example.md
@@ -45,8 +45,7 @@ To kick off an import, your Lambda function will need your `SNYK_TOKEN`, `SNYK_O

### Suggested architecture for the Lambda function
1. Get the "repository-name" and the "image-tag" from the event
2. Install the latest snyk-api-import tool
`npm install snyk-api-import@latest -g`
2. Install or download the latest [snyk-api-import tool](https://github.com/snyk-tech-services/snyk-api-import/releases)
3. Create a targets file for the tool using your SNYK_ORG_ID, ORG_INTEGRATION_ID as explained [here](https://github.com/snyk-tech-services/snyk-api-import/blob/master/docs/import.md#1-create-the-import-projectsjson-file). The import file shsould have the neccessary fileds as needed by our [import endpoint](https://snyk.docs.apiary.io/#reference/import-projects/import-targets), for example - an import file for a new image will look something like this:
```
{
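Review bot: step 2 now reads "Install or download the latest snyk-api-import tool" with a link to GitHub Releases, which in a Lambda implies fetching an unpinned binary at deploy or invocation time; pin a specific release tag, verify it against the published `.sha256` asset, and package it into the deployment bundle or a layer rather than pulling "latest", so a broken or tampered release cannot silently enter the function. The retained step 3 still carries the typos "shsould", "neccessary" and "fileds" and could be fixed while this file is being edited.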
@@ -64,8 +63,8 @@ To kick off an import, your Lambda function will need your `SNYK_TOKEN`, `SNYK_O
4. Set your `SNYK_TOKEN` and your `SNYK_LOG_PATH` as an enviroment variables
5. Kick off an import by running the import command with refernce to the created import file, for example:
```
DEBUG=snyk* npx snyk-api-import import --file=path/to/import-targets.json
DEBUG=snyk* snyk-api-import import --file=path/to/import-targets.json
```
6. Wait for the imported targets log file - "imported-targets.log" to be created
7. Check that the log indicates a successful import
8. Done!
8. Done!
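Review bot: the example command now invokes a bare `snyk-api-import`, but the asset names produced by `.releaserc` are `snyk-api-import-linux`, `snyk-api-import-macos`, `snyk-api-import-alpine` and `snyk-api-import-win.exe`, and docs/import.md in this same PR uses `snyk-api-import-macos`; either state that the downloaded binary should be renamed to `snyk-api-import` or use the platform-specific name consistently across the docs. The duplicated `8. Done!` at the end is just the missing-trailing-newline fix and is fine.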
18 changes: 9 additions & 9 deletions docs/import-data.md
@@ -38,9 +38,9 @@ This is a util that can help generate the import json data needed by the import
- All organization IDs can be found by listing all organizations a group admin belongs to via [Snyk Organizations API](https://snyk.docs.apiary.io/#reference/groups/list-all-organizations-in-a-group/list-all-organizations-in-a-group)

3. Run the command to generate import data:
- **Github.com:** `DEBUG=snyk* GITHUB_TOKEN=*** SNYK_TOKEN=*** npx snyk-api-import import:data --orgsData=path/to/snyk-orgs.json --source=github`
- **Github Enterprise Server:** `DEBUG=snyk* GITHUB_TOKEN=*** SNYK_TOKEN=*** npx snyk-api-import import:data --orgsData=path/to/snyk-orgs.json --source=github-enterprise --sourceUrl=https://ghe.custom.com`
- **Github Enterprise Cloud:** `DEBUG=snyk* GITHUB_TOKEN=*** SNYK_TOKEN=*** npx snyk-api-import import:data --orgsData=path/to/snyk-orgs.json --source=github-enterprise`
- **Github.com:** `DEBUG=snyk* GITHUB_TOKEN=*** SNYK_TOKEN=*** snyk-api-import import:data --orgsData=path/to/snyk-orgs.json --source=github`
- **Github Enterprise Server:** `DEBUG=snyk* GITHUB_TOKEN=*** SNYK_TOKEN=*** snyk-api-import import:data --orgsData=path/to/snyk-orgs.json --source=github-enterprise --sourceUrl=https://ghe.custom.com`
- **Github Enterprise Cloud:** `DEBUG=snyk* GITHUB_TOKEN=*** SNYK_TOKEN=*** snyk-api-import import:data --orgsData=path/to/snyk-orgs.json --source=github-enterprise`

4. Use the generated data to feed into [import] command (/import.md) to generate kick off the import.

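Review bot: the three rewritten commands drop `npx` and call `snyk-api-import` directly, which only works if the downloaded binary has been renamed from its release asset name (`snyk-api-import-linux` and friends) and placed on PATH, or if the npm global install still documented in the README is used; say which is assumed. The retained step 4 below has a broken link, `[import] command (/import.md)`, which should be `[import command](/import.md)` as in the Bitbucket Cloud section further down; the same broken form appears in the GitLab, Azure and Bitbucket Server sections, and "generate kick off" should read "kick off".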
@@ -67,8 +67,8 @@ This is a util that can help generate the import json data needed by the import
- All organization IDs can be found by listing all organizations a group admin belongs to via [Snyk Organizations API](https://snyk.docs.apiary.io/#reference/groups/list-all-organizations-in-a-group/list-all-organizations-in-a-group)

3. Run the command to generate import data:
- **Gitlab.com:** `DEBUG=snyk* GITLAB_TOKEN=*** SNYK_TOKEN=*** npx snyk-api-import import:data --orgsData=path/to/snyk-orgs.json --source=gitlab `
- **Hosted Gitlab:** `DEBUG=snyk* GITLAB_TOKEN=*** SNYK_TOKEN=*** npx snyk-api-import import:data --orgsData=path/to/snyk-orgs.json --source=gitlab --sourceUrl=https://gitlab.custom.com`
- **Gitlab.com:** `DEBUG=snyk* GITLAB_TOKEN=*** SNYK_TOKEN=*** snyk-api-import import:data --orgsData=path/to/snyk-orgs.json --source=gitlab `
- **Hosted Gitlab:** `DEBUG=snyk* GITLAB_TOKEN=*** SNYK_TOKEN=*** snyk-api-import import:data --orgsData=path/to/snyk-orgs.json --source=gitlab --sourceUrl=https://gitlab.custom.com`

4. Use the generated data to feed into [import] command (/import.md) to generate kick off the import.

@@ -97,8 +97,8 @@ This is a util that can help generate the import json data needed by the import
- All organization IDs can be found by listing all organizations a group admin belongs to via [Snyk Organizations API](https://snyk.docs.apiary.io/#reference/groups/list-all-organizations-in-a-group/list-all-organizations-in-a-group)

3. Run the command to generate import data:
- **dev.azure.com:** `DEBUG=snyk* AZURE_TOKEN=*** SNYK_TOKEN=*** npx snyk-api-import import:data --orgsData=path/to/snyk-orgs.json --source=azure-repos`
- **Hosted Azure:** `DEBUG=snyk* AZURE_TOKEN=*** SNYK_TOKEN=*** npx snyk-api-import import:data --orgsData=path/to/snyk-orgs.json --source=azure-repos --sourceUrl=https://azure.custom.com`
- **dev.azure.com:** `DEBUG=snyk* AZURE_TOKEN=*** SNYK_TOKEN=*** snyk-api-import import:data --orgsData=path/to/snyk-orgs.json --source=azure-repos`
- **Hosted Azure:** `DEBUG=snyk* AZURE_TOKEN=*** SNYK_TOKEN=*** snyk-api-import import:data --orgsData=path/to/snyk-orgs.json --source=azure-repos --sourceUrl=https://azure.custom.com`

4. Use the generated data to feed into [import] command (/import.md) to generate kick off the import.

@@ -127,7 +127,7 @@ This is a util that can help generate the import json data needed by the import
- All organization IDs can be found by listing all organizations a group admin belongs to via [Snyk Organizations API](https://snyk.docs.apiary.io/#reference/groups/list-all-organizations-in-a-group/list-all-organizations-in-a-group)

3. Run the command to generate import data:
- **Bitbucket Server:** `DEBUG=snyk* BITBUCKET_SERVER_TOKEN=*** SNYK_TOKEN=*** npx snyk-api-import import:data --orgsData=path/to/snyk-orgs.json --source=bitbucket-server --sourceUrl=https://bitbucket-server.dev.example.com`
- **Bitbucket Server:** `DEBUG=snyk* BITBUCKET_SERVER_TOKEN=*** SNYK_TOKEN=*** snyk-api-import import:data --orgsData=path/to/snyk-orgs.json --source=bitbucket-server --sourceUrl=https://bitbucket-server.dev.example.com`

4. Use the generated data to feed into [import] command (/import.md) to generate kick off the import.

@@ -160,7 +160,7 @@ export BITBUCKET_CLOUD_PASSWORD=your_bitbucket_cloud_password
- All organization IDs can be found by listing all organizations a group admin belongs to via [Snyk Organizations API](https://snyk.docs.apiary.io/#reference/groups/list-all-organizations-in-a-group/list-all-organizations-in-a-group)

3. Run the command to generate import data:
- **Bitbucket Cloud:** `DEBUG=snyk* BITBUCKET_CLOUD_USERNAME=*** BITBUCKET_CLOUD_PASSWORD=*** SNYK_TOKEN=*** npx snyk-api-import import:data --orgsData=path/to/snyk-orgs.json --source=bitbucket-cloud`
- **Bitbucket Cloud:** `DEBUG=snyk* BITBUCKET_CLOUD_USERNAME=*** BITBUCKET_CLOUD_PASSWORD=*** SNYK_TOKEN=*** snyk-api-import import:data --orgsData=path/to/snyk-orgs.json --source=bitbucket-cloud`

4. Use the generated data to feed into [import command](/import.md) to generate kick off the import.

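Review bot: the rewritten Bitbucket Cloud command passes `BITBUCKET_CLOUD_USERNAME=*** BITBUCKET_CLOUD_PASSWORD=*** SNYK_TOKEN=***` as inline assignments, and the context above shows the same secrets set with `export`; both forms persist in shell history once a real value is typed, so the docs should point users at sourcing these from a secret store or a permission-restricted env file rather than typing them on the command line. The same binary-name caveat as in the GitHub section applies to the bare `snyk-api-import` here.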
14 changes: 6 additions & 8 deletions docs/import.md
@@ -192,11 +192,9 @@ If you have any tests ot fixtures that should be ignored, please set the `exclus
- `CONCURRENT_IMPORTS` (optional) defaults to 15 repos at a time, which is the recommended amount to import at once as a max. Just 1 repo may have many projects inside which can trigger a many files at once to be requested from the user's SCM instance and some may have rate limiting in place. This script aims to help reduce the risk of hitting a rate limit.
- `SNYK_API` (optional) defaults to `https://snyk.io/api/v1`

## 3. Install and run
## 3. Download & run

Install the tool from [npm](https://www.npmjs.com/):
`npm install snyk-api-import@latest -g`
and run with `DEBUG=snyk* npx snyk-api-import import --file=path/to/imported-targets.json`
Grab a binary from the [releases page](https://github.com/snyk-tech-services/snyk-api-import/releases) and run with `DEBUG=snyk* snyk-api-import-macos import --file=path/to/imported-targets.json`

## 4. Review logs
When import is started via Snyk API, many files & targets will be added to an import job. This job when complete will provide logs of what projects could be detected, which failed and any errors that were encountered. For more details see [Import API documentation](https://snyk.docs.apiary.io/#reference/import-projects/import/import-targets)
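Review bot: the new "Download & run" step hardcodes `snyk-api-import-macos` while README.md and the AWS example in this PR use `snyk-api-import`; use one convention. It also drops the npm path entirely although the README still documents it, and gives no verification step for the downloaded binary even though the release now ships `.sha256` assets; add `shasum -a 256 -c` and `chmod +x` so the download instruction is complete and the checksum is actually checked.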
@@ -229,11 +227,11 @@ Note:
Command to run:

- skip all previously imported into all orgs in a Group:
`npx snyk-api-import list:imported --integrationType=<integration-type> --groupId=<snyk_group_id>`
`snyk-api-import-macos list:imported --integrationType=<integration-type> --groupId=<snyk_group_id>`
- skip all previously imported for a specific Organization:
`npx snyk-api-import list:imported --integrationType=<integration-type> --orgId=<snyk_org_id>`
- a single integration / projects source `npx snyk-api-import list:imported --integrationType=<integration-type> --groupId=<snyk_group_id>`
- multiple integrations / projects sources `npx snyk-api-import list:imported --integrationType=<integration-type> --integrationType=<integration-type> --orgId=<snyk_org_id>`
`snyk-api-import-macos list:imported --integrationType=<integration-type> --orgId=<snyk_org_id>`
- a single integration / projects source `snyk-api-import-macos list:imported --integrationType=<integration-type> --groupId=<snyk_group_id>`
- multiple integrations / projects sources `snyk-api-import-macos list:imported --integrationType=<integration-type> --integrationType=<integration-type> --orgId=<snyk_org_id>`

Supported integration types:

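Review bot: the four `list:imported` examples were switched to `snyk-api-import-macos` as well; this section is platform-independent, so prefer the generic name with a one-line note on renaming the downloaded binary, rather than making Linux and Windows users substitute on every command.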
18 changes: 9 additions & 9 deletions docs/mirror-bitbucket-cloud.md
@@ -4,17 +4,17 @@ You will need to configure Bitbucket Cloud username and password and Snyk token
Please refer to individual documentation pages for more detailed info, however the general steps are:

1. `export BITBUCKET_CLOUD_USERNAME=***`, `export BITBUCKET_CLOUD_PASSWORD=***` and `export SNYK_TOKEN=***`
2. Generate organization data e.g. `npx snyk-api-import orgs:data --source=bitbucket-cloud --groupId=<snyk_group_id>` [Full instructions](./orgs.md)
3. Create organizations in Snyk `npx snyk-api-import orgs:create --file=orgs.json` [Full instructions](./orgs.md) will create a `snyk-created-orgs.json` file with Snyk organization ids and integration ids that are needed for import.
4. Generate import data `npx snyk-api-import import:data --orgsData=snyk-created-orgs.json --source=bitbucket-cloud` [Full instructions](./import-data.md)
5. Run import `DEBUG=*snyk* npx snyk-api-import import`[Full instructions](./import.md)
2. Generate organization data e.g. `snyk-api-import orgs:data --source=bitbucket-cloud --groupId=<snyk_group_id>` [Full instructions](./orgs.md)
3. Create organizations in Snyk `snyk-api-import orgs:create --file=orgs.json` [Full instructions](./orgs.md) will create a `snyk-created-orgs.json` file with Snyk organization ids and integration ids that are needed for import.
4. Generate import data `snyk-api-import import:data --orgsData=snyk-created-orgs.json --source=bitbucket-cloud` [Full instructions](./import-data.md)
5. Run import `DEBUG=*snyk* snyk-api-import import`[Full instructions](./import.md)

## Re-importing new repos & orgs only while Mirroring
Once initial import is complete you may want to periodically check for new repos and make sure they are added into Snyk. To do this a similar flow to what is described above with a few small changes can be used:
1. `export BITBUCKET_CLOUD_USERNAME=***`, `export BITBUCKET_CLOUD_PASSWORD=***` and `export SNYK_TOKEN=***`
2. Generate organization data in Snyk and skip any that do not have any repos via `--skipEmptyOrg` `npx snyk-api-import orgs:data --source=bitbucket-cloud --groupId=<snyk_group_id> --skipEmptyOrg` [Full instructions](./orgs.md)
3. Create organizations in Snyk and this time skip any that have been created already with `--noDuplicateNames` parameter `npx snyk-api-import orgs:create --file=orgs.json --noDuplicateNames` [Full instructions](./orgs.md) will create a `snyk-created-orgs.json` file with Snyk organization ids and integration ids that are needed for import.
4. Generate import data `npx snyk-api-import import:data --orgsData=snyk-created-orgs.json --source=bitbucket-cloud` [Full instructions](./import-data.md)
2. Generate organization data in Snyk and skip any that do not have any repos via `--skipEmptyOrg` `snyk-api-import orgs:data --source=bitbucket-cloud --groupId=<snyk_group_id> --skipEmptyOrg` [Full instructions](./orgs.md)
3. Create organizations in Snyk and this time skip any that have been created already with `--noDuplicateNames` parameter `snyk-api-import orgs:create --file=orgs.json --noDuplicateNames` [Full instructions](./orgs.md) will create a `snyk-created-orgs.json` file with Snyk organization ids and integration ids that are needed for import.
4. Generate import data `snyk-api-import import:data --orgsData=snyk-created-orgs.json --source=bitbucket-cloud` [Full instructions](./import-data.md)
5. Optional. Generate the previously imported log to skip all previously imported repos a Group (see full [documentation](./import.md#to-skip-all-previously-imported-targets)):
`npx snyk-api-import list:imported --integrationType=<integration-type> --groupId=<snyk_group_id>`
6. Run import `DEBUG=*snyk* npx snyk-api-import import` [Full instructions](./import.md)
`snyk-api-import-macos list:imported --integrationType=<integration-type> --groupId=<snyk_group_id>`
6. Run import `DEBUG=*snyk* snyk-api-import import` [Full instructions](./import.md)
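Review bot: steps 2, 3, 4 and 6 now use `snyk-api-import` but step 5 of the second flow uses `snyk-api-import-macos` in the same numbered list; make them consistent. Two pre-existing issues in the touched lines are worth fixing here: both "Run import" steps use `DEBUG=*snyk*` whereas the other docs in this PR use `DEBUG=snyk*`, and the first flow's step 5 lacks a space before `[Full instructions]`.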