snyk-delta
Last updated
Last updated
More information
Snyk privacy policy© 2024 Snyk Limited | All product and company names and logos are trademarks of their respective owners.
This tool provides the means to get the delta between two Snyk snapshots. This is especially useful when you are running CLI-based scans, such as in your local environment, githooks, and so on.
snyk-delta compares snapshots to provide details about:
New vulnerabilities not found in the baseline snapshot
New license issues not found in the baseline snapshot
Dependency delta between the two snapshots:
Direct dependencies added and removed
Indirect dependencies added and removed
Flag path(s) carrying new vulnerabilities
Snyk Enterprise plan (requires the Snyk API)
Your Project to be monitored
npm i -g snyk-delta
or
Download a binary of your choice from
You can use this tool inline or as a standalone command.
Use snyk test --json --print-deps | snyk-delta
You may point to a specific snapshot by specifying org+project coordinates:
snyk test --json --print-deps | snyk-delta --baselineOrg xxx --baselineProject xxx
Use --setPassIfNoBaseline if used with snyk-prevent_commit_status and the Project is not monitored. This preventssnyk-prevent_commit_status from failing:
setPassIfNoBaseline default to false
snyk test --json --print-deps | snyk-delta --baselineOrg xxx --baselineProject xxx --setPassIfNoBaseline true
The BaselineProject value is expected to be a UUID, not a name. Check the Snyk Web UI or API to retrieve those UUIDs.
Use snyk-delta --baselineOrg xxx --baselineProject xxx --currentOrg xxx --currentProject xxx --setPassIfNoBaseline false
The result is a number:
0: no new issue
2: for errors like invalid auth
Details for issues will be listed on stdout.
Use -h to display help.
When snyk-delta compares test results, it tries to find the same Project monitored on the Snyk platform. If no monitored Project is found, snyk-delta returns all the issues found by the CLI scan, essentially acting as a pass-through.
The return code is 0 if no issue, 1 if issues are found.
Usage as a module requires a list of issues coming from the Snyk CLI. snyk-delta is not compatible with data coming straight from Snyk APIs.
snyk-delta does not support the --all-projects option, but you can try using snyk_delta_all_projects.sh as a workaround until it does.
If you have trouble, you can try the following:
Run the Snyk test -d step first and ensure it works.
If you are using the delta allprojects script, try removing that and test the Projects individually
If no baseline is found, ensure there is an existing monitored Project first, and check the .git metadata if you are trying to match against an SCM-monitored Project.
1: new issue(s) or when using StrictMode and the unmonitored Project has issues (See more details in .)
If you need help, contact .