I am using Snyk scan on Azure DevSecOps. The online scan works, but I am trying to compare a specific snapshot with the actual scan using:
- task: SnykSecurityScan@1
  inputs:
    projectName: 'POcPipeline'
    serviceConnectionEndpoint: 'conectionSnykAzure'
    severityThreshold: 'low'
    testType: 'app'
    monitorWhen: 'always'
    failOnIssues: false
  displayName: 'Run Snyk Security Scan'
- script: |
    npm install -g snyk snyk-delta
  displayName: 'Install Snyk and Snyk-Delta Tools'
- script: |
    ls -la
  displayName: 'List Workspace Files'
- script: |
    snyk test --json --print-deps | snyk-delta --baselineOrg 93d6123-a3rf-ub0f-yc93-216ecc08a338 --baselineProject 015b7a6-26rw-4e23-br47-74544067c54744d
  displayName: 'Snyk Vulnerability Delta Analysis'
I am trying to use Snyk delta to compare scans but I am getting like typo errors:
Generating script.
Script contents:
snyk test --json --print-deps | snyk-delta --baselineOrg 93d6123-a3rf-ub0f-yc93-216ecc08a338 --baselineProject 015b7a6-26rw-4e23-br47-74544067c54744d
========================== Starting Command Output ===========================
/usr/bin/bash --noprofile --norc /home/vsts/work/_temp/0547b0-79a1-41d9-b8a1-b452342ee0.sh
Hint: use debug mode -d for more information
BadInputError: Expected 'snyk test --json' output to contain .vulnerabilities[] property but none was found. Ensure 'snyk test --json' completed successfully.
Please review the available documentation via -h or the README
##[error]Bash exited with code '2'.
Finishing: Snyk Vulnerability Delta Analysis
The Snyk CLI command "snyk test" requires its own authentication, apart from the plugin/scan task. The Snyk CLI command does not refer to the serviceConnection specified further above (conectionSnykAzure).
Hence you need to run snyk auth <SNYK_API_KEY> beforehand, and make SNYK_API_KEY an env variable.
Related Snyk docs: https://docs.snyk.io/snyk-cli/authenticate-to-use-the-cli
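
One way to apply this answer inside the pipeline's script step, as an added example that is not part of the original post: it exports the key as SNYK_TOKEN (the environment variable the Snyk CLI reads, used here in place of an explicit snyk auth call) and checks the exit code of snyk test before handing the output to snyk-delta, so a failed scan is reported directly instead of as the BadInputError above. The function name and the SNYK_CMD/DELTA_CMD overrides are assumptions, and SNYK_API_KEY is assumed to be a secret pipeline variable mapped into the step's environment.

```shell
#!/usr/bin/env bash
# Added example, not from the original post.
# Assumptions: SNYK_API_KEY is a secret pipeline variable mapped into this step's
# environment; SNYK_CMD/DELTA_CMD are hypothetical overrides used for testing.
SNYK_CMD="${SNYK_CMD:-snyk}"
DELTA_CMD="${DELTA_CMD:-snyk-delta}"

# Usage: snyk_delta_gate <baseline-org-id> <baseline-project-id>
snyk_delta_gate() {
    gate_org="$1"
    gate_project="$2"
    if [ -z "${SNYK_API_KEY:-}" ]; then
        echo "SNYK_API_KEY is not set; the Snyk CLI cannot authenticate" >&2
        return 10
    fi
    # The CLI reads the token from SNYK_TOKEN, so it never appears in argv.
    export SNYK_TOKEN="$SNYK_API_KEY"

    gate_out="$(mktemp)" || return 11
    gate_rc=0
    # Write the scan to a file instead of piping it, so snyk's exit code is kept.
    "$SNYK_CMD" test --json --print-deps > "$gate_out" || gate_rc=$?

    # snyk test exit codes: 0 = no issues, 1 = issues found,
    # 2 = failure, 3 = no supported projects detected.
    case "$gate_rc" in
        0|1) ;;
        *)
            echo "snyk test failed with exit code $gate_rc; skipping snyk-delta" >&2
            cat "$gate_out" >&2   # the JSON error body explains the failure
            rm -f "$gate_out"
            return 12
            ;;
    esac

    gate_rc=0
    "$DELTA_CMD" --baselineOrg "$gate_org" --baselineProject "$gate_project" \
        < "$gate_out" || gate_rc=$?
    rm -f "$gate_out"
    return "$gate_rc"
}
```

In the pipeline, the script step would call snyk_delta_gate with the baseline organization and project IDs in place of the direct pipe.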