Example of Snyk for Bazel

See Manually creating a Dep Graph from Bazel Java project for a full example of a Bazel Java project and the corresponding Snyk Dep Graph object.

For a simple Bazel Project with a single dependency on a Maven package, you may specify the dependency like this:

maven_jar(
    name = "logback-core",
    artifact = "ch.qos.logback:logback-core:1.0.13",
    sha1 = "dc6e6ce937347bd4d990fc89f4ceb469db53e45e",
)

From this, you could construct the following Dep Graph JSON object:

{
  "depGraph": {
    "schemaVersion": "1.2.0",
    "pkgManager": {
      "name": "maven"
    },
    "pkgs": [
      {
        "id": "[email protected]",
        "info": {
          "name": "app",
          "version": "1.0.0"
        }
      },
      {
        "id": "ch.qos.logback:[email protected]",
        "info": {
          "name": "ch.qos.logback:logback-core",
          "version": "1.0.13"
        }
      }
    ],
    "graph": {
      "rootNodeId": "root-node",
      "nodes": [
        {
          "nodeId": "root-node",
          "pkgId": "[email protected]",
          "deps": [
            {
              "nodeId": "ch.qos.logback:[email protected]"
            }
          ]
        },
        {
          "nodeId": "ch.qos.logback:[email protected]",
          "pkgId": "ch.qos.logback:[email protected]",
          "deps": []
        }
      ]
    }
  }
}

This particular package (ch.qos.logback:[email protected]) contains a vulnerability described in detail in the resulting JSON response object.

PreviousDep Graph API NextSnyk Code

Last updated 4 months ago

Was this helpful?