snyk-to-html
The CLI provides a direct or automated way to fail the build and, by default, provides only summary information unless you use the --json or --sarif format. You can direct this output to a file; these files include the issues discovered. The formats are not human-readable.
You can use snyk-to-html (the Snyk JSON to HTML Mapper) to:
Create a readable build artifact as part of the output of a scan
Create an HTML report of the full context of a vulnerability that you can view in a browser
This page explains how to install snyk-to-html, use the snyk-to-html tool to export the test results in JSON or SARIF format to an HTML file, and view the test results in a browser.
Note: only json output is supported for Open Source (SCA) scans. For Open Source tests, sarif output returns no results from the snyk-to-html process.
Install snyk-to-html
To install snyk-to-html, you must have the required permissions on your machine. If the installation fails, contact your IT administrator to request the required permissions.
You can install snyk-to-html using npm:
To install the snyk-to-html plugin locally, clone the snyk-to-html GitHub repository and use the script:
Use the snyk-to-html tool
You can run snyk-to-html as part of a snyk test command to create a readable build artifact as part of the output of a test.
You can also run a snyk test command with the option to export the results to a JSON file and then convert the JSON file to HTML using snyk-to-html. You can export Snyk Code results to either a JSON or a SARIF file and convert that file to HTML.
When you run the snyk-to-html command, you can customize it with the following command options:
The snyk-to-html command does not generate the standard exit codes.
To display the help for snyk-to-html, use the command snyk-to-html --help or --h.
If you want to use the snyk-to-html command in a CI/CD pipeline, see the Snyk CI/CD integration examples for an example of a workaround for Azure Pipelines.
For more information, see Use snyk-to-html command options.
Create a readable build artifact as part of the output of a test
Follow these steps to create a build artifact by running snyk-to-html as part of a snyk test command. This streams the results directly to snyk-to-html.
Change the directory to the root folder of the repository you want to test.
To test the repository, export the results to a JSON format, and use the plugin to convert the output to an HTML file called results-[scantype].html.
The commands to use for each Snyk scanning method follow. When you run a command, an HTML file with one of the names in these examples is created in your repository folder, allowing you to view your test results in HTML format.
Snyk Open Source command
Run the following line to create a file called results-opensource.html:
snyk test --json | snyk-to-html -o results-opensource.html
Snyk Container command
Run the following to create a file called results-container.html:
snyk container test [image] --json | snyk-to-html -o results-container.html
Snyk Code command
Run the following to create a file called results-code.html:
snyk code test --json | snyk-to-html -o results-code.html
Snyk IaC command
Navigate to the subfolder with the related files and run the following line to create a file called results-iac.html:
snyk iac test --json | snyk-to-html -o results-iac.html
Convert a JSON or SARIF file to HTML to view in a browser
For automation purposes, you may be creating a JSON file for programmatic access to the results or already have one from a previous scan. You can send this JSON output to snyk-to-html to generate an HTML file.
Follow these steps to run snyk test and then convert the output file to HTML.
Change the directory to the root folder of the repository you want to test.
Run the appropriate test command for each product as shown:
snyk test --json-file-output=results-opensource.json
snyk code test --json-file-output=results-code.json
snyk container test [image] --json-file-output=results-container.json
snyk iac test --json-file-output=results-iac.json
If an exit code stops the process before piping the output to the tool, refer to the note that follows these steps.
Pass the JSON file to snyk-to-html to be converted to HTML. The input files should be valid JSON and use UTF-8 encoding. Ensure you use the name of the output file you generated:
snyk-to-html -i results-opensource.json -o results-opensource.html
snyk-to-html -i results-code.json -o results-code.html
snyk-to-html -i results-container.json -o results-container.html
snyk-to-html -i results-iac.json -o results-iac.html
When you use a multi-step approach like snyk test --json > result-opensource.json and then pass the results to a plugin, the exit code may stop or break the process on your build system before you get to the step of passing the output file to a tool like snyk-to-html or snyk-filter. You have several options, depending on the capabilities of your build tools:
1) Capture the exit code in a parameter to prevent it from being returned to the process in addition to checking for an error state.
2) Use ||true or some form of logic to prevent the exit code from terminating the process.
Note that when you do this, any return code is ignored, such as error codes signifying network or Snyk platform issues or another non-scan result issue. The next step in using the JSON is likely to fail. It is recommended that you review the exit code before you proceed to the next step in your script.
3) Set the step to continue on failure, if such an option exists.
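One way to implement the first option, as an added example that is not part of the Snyk documentation: a POSIX shell function that captures the scan's exit code, renders the HTML report only when the scan actually completed, and then returns the code to the build. It relies on the Snyk CLI exit codes (0 no issues, 1 issues found, 2 failure, 3 no supported projects); scan_and_report and the SNYK_TO_HTML override variable are hypothetical names.

```shell
#!/bin/sh
# Added example (not from the Snyk docs). scan_and_report and SNYK_TO_HTML
# are hypothetical names. Snyk CLI exit codes: 0 = no issues, 1 = issues
# found, 2 = failure (network, auth, ...), 3 = no supported projects.
#
# Usage: scan_and_report results-opensource.json results-opensource.html snyk test
scan_and_report() {
    json_out=$1
    html_out=$2
    shift 2                      # what remains is the scan command itself

    # Remove stale output so an old file is never mistaken for this run's.
    rm -f "$json_out" "$html_out"

    # Capture the exit code instead of letting it end the build step here.
    scan_rc=0
    "$@" --json-file-output="$json_out" || scan_rc=$?

    case "$scan_rc" in
        0|1)
            # The scan completed, so the JSON should exist and be non-empty.
            if [ ! -s "$json_out" ]; then
                echo "scan exited $scan_rc but $json_out is empty" >&2
                return 2
            fi
            if ! "${SNYK_TO_HTML:-snyk-to-html}" -i "$json_out" -o "$html_out"; then
                echo "snyk-to-html failed; $json_out kept for inspection" >&2
                return 2
            fi
            ;;
        *)
            # Not a scan result: do not feed missing or partial JSON onward.
            echo "scan did not complete (exit $scan_rc); no report generated" >&2
            ;;
    esac

    # Hand the original code back so the build still fails on findings.
    return "$scan_rc"
}
```

Unlike ||true, this keeps a platform or network failure (exit code 2 or 3) distinguishable from a scan that found issues (exit code 1).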
Use snyk-to-html command options
The following examples show the snyk test command; however, they will also work with the snyk test commands for container, code, and IaC.
Show a simple version of the report
Use the option -s or --summary to display only the summary of the report.
snyk-to-html -i results.json -o results.html -s
Show actionable remediation
To display the actions you can take to remedy vulnerabilities, use the -a or --actionable-remediation option.
snyk-to-html -i results.json -o results.html -a
The report sequences remediations, upgrades, and patches by the number and severity of vulnerabilities the remediation fixes. Use this as a guide when you are selecting the order in which to upgrade and patch packages.
Snyk supports remediation advice for the following package managers:
npm
Yarn
RubyGems
Maven
Gradle
sbt
Pip
View test results in HTML format
To view the HTML file, locate the output file in your repository and double-click it. If you used a different name for your HTML file, locate and open that file.
The test results report opens in the browser. The following example shows snyk code test results. You can view the Data Flow and Fix Analysis information for the issues discovered by clicking the corresponding buttons for each issue.