Dep Graph API
Feature availability The Snyk API is available only with Enterprise plans. For more information, seeplans and pricing.
The Dep Graph API requires additional permissions. Contact Snyk Support to request access.
To test and monitor dependencies managed by Bazel, it is recommended that you use the Snyk Dep Graph API endpoints Test Dep Graph and Monitor Dep Graph. The monitor capability allows customers to submit a tree for Snyk to monitor for vulnerabilities. While you can use Bazel for many languages including C++, the Dep Graph endpoints do not support C++.
Follow these basic steps:
For each type of dependency, for example, Maven, Cocoapods, create a Dep Graph JSON object listing all the dependency packages and versions. See Example of Snyk for Baszel.
As part of a Bazel test rule, send the Dep Graph JSON object as a POST request to the endpointTest Dep Graph, along with your auth token. An example curl request follows:
Check the API response for pass/fail status and any resulting vulnerabilities.
How the Test Dep Graph API works
The Test Dep Graph API takes a generic dependency graph and returns a report containing any relevant vulnerabilities for those dependencies.
The supported package managers and repository ecosystems are listed in the Test Dep Graph and Monitor Dep Graph documentation.
Any of your Bazel dependencies that are available in the supported ecosystems can be tested using the Snyk API.
Snyk Dep Graph JSON syntax
The Test Dep Graph API takes a Snyk Dep Graph JSON object describing the root application and the graph of direct and transitive dependencies.
The schema for this format is as follows:
Further notes on specific components in the Dep Graph object follow:
schemaVersion
- the version of the Dep Graph schema. Set this to1.2.0
.pkgManager.name
- can be one ofdeb
,gomodules
,gradle
,maven
,npm
,nuget
,paket
,pip
,rpm
,rubygems
, orcocoapods
.pkgs
- an array of objects containingid
,name
andversion
of all packages in the Dep Graph. Note that theid
must be in the formname@version
. List each of your dependencies in this array, including an item representing the Project itself.graph.nodes
- an array of objects describing the relationships between entries inpkgs
. This is typically the Project node with all other packages defined as a flat array of direct dependencies indeps.
graph.rootNodeId
- specifies theid
of the entry ingraph.nodes
to use as the root node of the graph. Set this to thenodeId
of the Project node.
Snyk Dep Graph Test API response
The TEst Dep Graph API returns a JSON object describing any issues (vulnerabilities and licenses) found in the Dep Graph dependencies.
An example response with a single vulnerability follows:
Further notes on specific components in the response object follow: