Tool: snyk-filter
The
snyk-filter
tool provides custom filtering for Snyk CLI output. snyk-filter
takes the JSON-formatted output from the Snyk CLI, for example, snyk test --json
and applies custom filtering of the results, as well as options to fail your build.npm install -g
snyk-filter
uses the node-jq
library, which requires that a jq
binary be installed. This typically happens transparently via npm install -g
, but on some systems jq
is not properly installed locally. If you receive an error after installation regarding node-jq
, then install jq
manually to avoid this error.# install jq ahead of time (ubuntu example)
sudo apt-get install -y jq
# tell node-jq to skip trying to install it on its own
export NODE_JQ_SKIP_INSTALL_BINARY=true
# tell node-jq where the existing jq binary is
export JQ_PATH=$(which jq)
# finally, install snyk-filter (does not work with node version > 12)
sudo npm install -g
- 1.Implement your custom jq filters in a .snyk-filter/snyk.yml file relative to your current working directory where you are running
snyk test
. See sample-filters and tweak things from there; use JQPlay - 2.Then pipe your
snyk test --json
output intosnyk-filter
or use the-i
argument to input a JSON file. Use the-f
argument to point to the yml file containing your custom filters if you are not using the default location (.snyk-filter/snyk.yml). - 3.The return code from
snyk-filter
is 0 for pass (no issues) and 1 for fail (issues found).
snyk test --json | snyk-filter
snyk test --json | snyk-filter -f /path/to/example-cvss-9-or-above.yml
snyk-filter -i snyk_results.json
snyk-filter -i snyk_results.json -f /path/to/example-high-upgradeable-vulns.yml
--json
to output JSONLicense: Apache License, Version 2.0
Last modified 2mo ago