Feat/update vuln urls to point to security.snyk.io #3448

Merged
merged 12 commits into from
Jul 14, 2022

@e102 e102 commented Jul 11, 2022

What does this PR do?

Updates URL links for vulns in the CLI output to point to security.snyk.io, the new Snyk vulnerability db, which generally has better UX and more info than the legacy site the links are currently pointing to.

@e102 e102 requested a review from a team as a code owner July 11, 2022 03:03
@e102 e102 self-assigned this Jul 11, 2022
@e102 e102 requested a review from a team as a code owner July 11, 2022 03:03
@e102 e102 changed the title Feat/update vuln urls to pvdb Feat/update vuln urls to point to security.snyk.io Jul 11, 2022
github-actions bot commented Jul 11, 2022

Warnings
⚠️

Since the CLI is unifying on a standard and improved tooling, we're starting to migrate old-style imports and exports to ES6 ones.
A file you've modified is using either module.exports or require(). If you can, please update them to ES6 import syntax and export syntax.
Files found:

  • src/lib/formatters/legacy-format-issue.ts
  • test/tap/cli-test/cli-test.docker.spec.ts
Messages
📖

You are modifying something in test/smoke directory, yet you are not on the branch starting with smoke/. You can prefix your branch with smoke/ and Smoke tests will trigger for this PR.

Generated by 🚫 dangerJS against aa3688f

@e102 e102 force-pushed the feat/update_vuln_urls_to_pvdb branch from 2d8ddf3 to 2fd7018 Compare July 11, 2022 14:56
@e102 e102 force-pushed the feat/update_vuln_urls_to_pvdb branch from 2fd7018 to 6128f25 Compare July 11, 2022 15:04
@e102 e102 force-pushed the feat/update_vuln_urls_to_pvdb branch from 1b5f3b2 to 3b5fcf7 Compare July 11, 2022 16:08
@@ -41,7 +41,7 @@ export function notificationForSpotlightVulns(
);

for (const vulnId of foundSpotlightVulnsIds) {
message += ` - ${vulnId} (See https://snyk.io/vuln/${vulnId})`;
message += ` - ${vulnId} (See https://security.snyk.io/vuln/${vulnId})`;
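Review bot: `vulnId` is interpolated straight into the URL path on the changed `message +=` line, so an id containing `/`, `?`, `#` or whitespace would yield a broken or different link in the CLI output; wrap it in `encodeURIComponent(vulnId)` unless `foundSpotlightVulnsIds` is guaranteed to hold only URL-safe ids. The host is also still a string literal here, so the next domain move means another search-and-replace; building the link from one shared base-URL value would keep every call site in step.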
Member

issue(blocking): Whilst we're in this area can we switch to using the configuration value rather than a hard-coded string?

For example:

Suggested change
message += ` - ${vulnId} (See https://security.snyk.io/vuln/${vulnId})`;
message += ` - ${vulnId} (See ${config.PUBLIC_VULN_DB_URL}/vuln/${vulnId})`;

@e102 e102 merged commit b278096 into master Jul 14, 2022
@e102 e102 deleted the feat/update_vuln_urls_to_pvdb branch July 14, 2022 08:48