Tool: snyk-filter
The
snyk-filter tool provides custom filtering for Snyk CLI output. snyk-filter takes the JSON-formatted output from the Snyk CLI, for example, snyk test --json and applies custom filtering of the results, as well as options to fail your build.npm install -gsnyk-filter uses the node-jq library, which requires that a jq binary be installed. This typically happens transparently via npm install -g, but on some systems jq is not properly installed locally. If you receive an error after installation regarding node-jq, then install jq manually to avoid this error.# install jq ahead of time (ubuntu example)
sudo apt-get install -y jq
# tell node-jq to skip trying to install it on its own
export NODE_JQ_SKIP_INSTALL_BINARY=true
# tell node-jq where the existing jq binary is
export JQ_PATH=$(which jq)
# finally, install snyk-filter (does not work with node version > 12)
sudo npm install -g
- 1.Implement your custom jq filters in a .snyk-filter/snyk.yml file relative to your current working directory where you are running
snyk test. See sample-filters and tweak things from there; use JQPlay - 2.Then pipe your
snyk test --jsonoutput intosnyk-filteror use the-iargument to input a JSON file. Use the-fargument to point to the yml file containing your custom filters if you are not using the default location (.snyk-filter/snyk.yml). - 3.The return code from
snyk-filteris 0 for pass (no issues) and 1 for fail (issues found).
snyk test --json | snyk-filtersnyk test --json | snyk-filter -f /path/to/example-cvss-9-or-above.ymlsnyk-filter -i snyk_results.jsonsnyk-filter -i snyk_results.json -f /path/to/example-high-upgradeable-vulns.yml--json to output JSONLicense: Apache License, Version 2.0
Last modified 2mo ago