snyk-tags-tool's Introduction

Snyk Tags Tool

Snyk Tags is a CLI tool which can:

  • Help filter Snyk projects by product type by adding product tags across a Snyk Group or Organization - using snyk-tags tag
  • Help filter Snyk projects by applying tags to all projects containing a specific name - using snyk-tags tag alltargets --contains-name=
  • Help filter Snyk projects by applying tags to a target import (for example a git repo like snyk-labs/nodejs-goof) - using snyk-tags target tag or from a csv/json file with snyk-tags fromfile target-tag
  • Help filter Snyk projects by applying attributes to a target import (for example a git repo like snyk-labs/nodejs-goof) - using snyk-tags target attributes or from a csv/json file with snyk-tags fromfile target-attributes
  • Help filter Snyk projects by adding the GitHub CODEOWNERS (only GitHub handles) as tags to the target import (must be a GitHub repo in the form snyk-labs/nodejs-goof) - using snyk-tags target github owners
  • Help with tag management by removing tags from a Group or a target import (for example a git repo like snyk-labs/nodejs-goof) - using snyk-tags target remove or listing all tags using snyk-tags list tags (also in bulk or from a csv/json file with snyk-tags fromfile)
  • Associate Snyk Open Source, Code and Container projects with software component tags, using snyk-tags component tag.

snyk-tags tag

snyk-tags tag is a CLI tool that uses the Snyk Project Tag API to assign tags in bulk to Snyk projects based on the product.

snyk-tags tag will update all projects of the specified product within a Snyk Group or Organization with the product's tag.

You can also specify a custom tag for the specific project types.

List all project types

snyk-tags target

snyk-tags target goes through a target (repo, container, CLI import) to assign tags, attributes and GitHub metadata. Targets in Snyk vary by import type, for example:

  • snyk-labs/nodejs-goof is the target from a git import
  • library/httpd is the target from a container import
  • /snyk-labs/nodejs-goof is the target from a CLI import

You can use:

  • snyk-tags target tag to add tags to a target
  • snyk-tags target attributes to add attributes to a target
  • snyk-tags target github for specific GitHub metadata. The GitHub repo must include the GitHub Organization e.g. snyk-labs/nodejs-goof

List all possible attributes

snyk-tags target github

To import GitHub metadata such as CODEOWNERS or Topics, you can use this command.

Requirements:

  • GitHub PAT with read:org permissions

Usage:

  • snyk-tags target github owners to add the CODEOWNERS file information as tags (limited to GitHub handles for now)
  • snyk-tags target github topics to add the GitHub Topics as tags

Viewing results

Once you run snyk-tags, go into the UI, navigate to the projects page and find the tags filter or attribute filter options on the left-hand menu. Select the tag/attribute you have applied and you will see all associated projects.

snyk-tags component tag

snyk-tags component tag automates tagging software components at scale for Snyk, based on powerful regular-expression based rules. Read more about this feature in components.

Installation and requirements

Requirements

Requires Python version above 3.8

Installation

The simplest way to install is with pip:

pip install snyk-tags

Alternatively you can clone the repo and then run the following commands:

poetry install # To install dependencies
python -m snyk-tags # To run snyk-tags

Examples

For the following examples you will need a Snyk API token. This can belong either to a personal Snyk Group/Org admin or to a service account; here is more information on how to generate a Snyk API token. You can then pass this token as part of the command through --snyktkn=abc or as an environment variable SNYK_TOKEN.
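
A token given as --snyktkn=abc is visible in the process list and is saved in shell history, so the SNYK_TOKEN variable is the safer of the two options. The shell function below is an added example, not part of snyk-tags; load_snyk_token and the token file path are assumptions made for illustration.

```shell
# Added example: load the Snyk API token from a private file into SNYK_TOKEN
# so that it never appears in argv or in shell history.
# load_snyk_token and the default path are hypothetical, not part of snyk-tags.
load_snyk_token() {
    token_file=${1:-"$HOME/.config/snyk/token"}   # assumed location

    if [ ! -f "$token_file" ]; then
        echo "token file not found: $token_file" >&2
        return 1
    fi

    # Characters 5-10 of the `ls -ld` mode string are the group and other
    # permission bits; anything but "------" means others can access the file.
    perms=$(ls -ld -- "$token_file" | cut -c5-10)
    if [ "$perms" != "------" ]; then
        echo "refusing $token_file: accessible by group/other, run chmod 600" >&2
        return 1
    fi

    # Drop the trailing newline and any stray whitespace around the token.
    SNYK_TOKEN=$(tr -d ' \t\r\n' < "$token_file")
    if [ -z "$SNYK_TOKEN" ]; then
        echo "token file is empty: $token_file" >&2
        return 1
    fi
    export SNYK_TOKEN
}

# Usage (not executed here):
#   load_snyk_token && snyk-tags tag sast --group-id=abc
```
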

Applying tags by Snyk product

I want to filter all my Snyk Code projects across the whole Snyk Group:

snyk-tags tag sast --group-id=abc --snyktkn=abc

I want to filter all my npm Snyk Open Source projects within a specific Snyk Organization:

snyk-tags tag sca --scatype=npm --org-id=abc --snyktkn=abc

Applying tags based on project name

I want to filter all my Snyk projects sharing a common project name substring

snyk-tags tag alltargets --contains-name=microservice --group-id=abc --org-id=abc --snyktkn=abc --tagkey=app --tagvalue=microservice

Managing tags based on target SCM repository

I want to filter all projects within my snyk-labs/nodejs-goof repo by project:snyk

snyk-tags target tag --target=snyk-labs/nodejs-goof --org-id=abc --snyktkn=abc --tagkey=project --tagvalue=snyk

I want to add attributes to all projects within my snyk-labs/python-goof repo. The attributes are critical, production, backend

snyk-tags target attributes --target=snyk-labs/python-goof --org-id=abc --snyktkn=abc --criticality=critical --environment=backend --lifecycle=production

I want to mark all projects of the repo snyk-labs/nodejs-goof with the repo owners so I can filter by owner, e.g. Owner:EricFernandezSnyk (to use a private GitHub instance, use --gh-base-url=<your instance's API baseurl>. Example: --gh-base-url=https://gh.local/api/v3)

snyk-tags target github owners --target=snyk-labs/nodejs-goof --org-id=abc --snyktkn=abc --githubtkn=abc

I want to add my GitHub Topics to all projects of the repo snyk-labs/nodejs-goof so I can filter by topics, e.g. GitHubTopic:python3 (to use a private GitHub instance, use --gh-base-url=<your instance's API baseurl>. Example: --gh-base-url=https://gh.local/api/v3)

snyk-tags target github topics --target=snyk-labs/nodejs-goof --org-id=abc --snyktkn=abc --githubtkn=abc

I want to remove the tag project:snyk from the repo snyk-labs/nodejs-goof

snyk-tags remove tag-from-target --target=snyk-labs/nodejs-goof --group-id=abc --snyktkn=abc --tagkey=project --tagvalue=snyk

I want to remove the tag app:microservice from all targets within a specific Snyk Organization

snyk-tags remove tag-from-alltargets --contains-name=apps-demo --org-id=abc --tagkey=app --tagvalue=microservice

I want to filter all projects within snyk-labs/nodejs-goof and snyk-labs/goof repo by project:snyk so I use a csv in the format org-id,target,key,value

snyk-tags fromfile target-tag --file=path/to/file.csv --snyktkn=abc

Types of projects and attributes

List of all project types

  • Snyk IaC: terraformconfig, terraformplan, k8sconfig, helmconfig, cloudformationconfig, armconfig
  • Snyk Open Source: maven, npm, nuget, gradle, pip, yarn, gomodules, rubygems, composer, sbt, golangdep, cocoapods, poetry, govendor, cpp, yarn-workspace, hex, paket, golang
  • Snyk Container: dockerfile, apk, deb, rpm, linux
  • Snyk Code: sast

List of all attributes

  • Criticality: critical, high, medium, low
  • Environment: frontend, backend, internal, external, mobile, saas, onprem, hosted, distributed
  • Lifecycle: production, development, sandbox

snyk-tags-tool's People

Contributors

cmars, ericfernandezdc, ericfernandezsnyk, gwnlng, jonesjim, josanadh, scott-es, snykerjames, thavelock, yeforriak


snyk-tags-tool's Issues

Failing to run snyk-tags-tool

When I run the command snyk-tags tag sast --group-id=abc --snyktkn=abc

I get the following error and I can't work out what is going on.

addprojecttype = False
client = <httpx.Client object at 0x102992860>
key = 'Product'
org_id = 'XXXXXX-4a0c-9cc6-17348a0d5ee6'
org_ids = [
    'XXXXXXX-4a0c-9cc6-17348a0d5ee6',
    'XXXXXXX-471f-819a-95e28055b624'
]
projects = {
    'code': 404,
    'message': 'Org XXXXXX-4a0c-9cc6-17348a0d5ee6 was not found or you may not have the c'+118,
    'error': 'Org XXXXXX-4a0c-9cc6-17348a0d5ee6 was not found or you may not have the c'+118
}
tag = 'OpenSource'
token = 'XXXXXXX-22c3d07c0023'
types = ['npm']

[FEAT]: Tag Snyk projects with custom property from GitHub.

Is there an existing feature request for this?

  • I have searched the existing feature requests

Description

This is similar in style to the Owners feature of the tool where you can tag and filter based on CODEOWNERS. The difference is that you could select a custom property you made in GitHub to tag a Snyk project with. Imagine you want to filter by owner, but CODEOWNERS contains a devops team or something, while the code is really owned by a specific product team. At this point, custom properties is in beta at GitHub.

Additional Information

No response

[BUG]: snyk-tags tag alltargets --contains-name doesn't like slashes

Is there an existing issue for this?

  • I have searched the existing issues

Description of the bug

Trying to tag a project with custom target silently fails if project name has a slash in it e.g.

s:src\Hosepipe.Services\packages.config

and you use a slash in --contains-name

Steps To Reproduce

I have a project name s:src\Hosepipe.Services\packages.config (poor name, I know!) that I want to add a tag to.

 snyk-tags tag alltargets --contains-name s:src\Hosepipe.Services\packages.config --tagkey Pod --tagvalue common

Which gives the following response

Adding the tag key Pod and tag value common to s:srcHosepipe.Servicespackages.config projects in Snyk for easy filtering via the UI

But the tag is not added, despite response suggesting it worked

The following does work

snyk-tags tag alltargets --contains-name Hosepipe.Services --tagkey Pod --tagvalue common

This suggests that slashes aren't escaped properly

Additional Information

Unrelated niggle: but README docs could indicate where to find GROUP_ID - snyk doesn't document this very well and had to resort to looking at REST exchange in browser.

This tag tool is useful. Thank you
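
Added illustration, not part of the issue report or the project's code: in a POSIX shell an unquoted backslash is consumed as an escape character before the program starts, which yields the same backslash-free name that the tool echoed in the report above. received_arg is a hypothetical stand-in for the program reading --contains-name, and sh_quote is a helper name chosen here.

```shell
# Constructed demonstration; received_arg stands in for any program
# (such as snyk-tags) receiving the value of --contains-name.
received_arg() { printf '%s' "$1"; }

# Unquoted: the shell removes each backslash before the program runs.
name_unquoted() {
    received_arg s:src\Hosepipe.Services\packages.config
}

# Single-quoted: every character reaches the program unchanged.
name_single_quoted() {
    received_arg 's:src\Hosepipe.Services\packages.config'
}

# sh_quote (hypothetical helper): single-quote any value so that a script
# generating commands from project names passes them through verbatim.
# An embedded single quote is rewritten as '\''.
sh_quote() {
    printf "'%s'" "$(printf '%s' "$1" | sed "s/'/'\\\\''/g")"
}

printf 'unquoted:      %s\n' "$(name_unquoted)"
printf 'single-quoted: %s\n' "$(name_single_quoted)"
printf 'sh_quote:      %s\n' "$(sh_quote 's:src\Hosepipe.Services\packages.config')"
```
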

[BUG]:

Is there an existing issue for this?

  • I have searched the existing issues

Description of the bug

Hi, it seems the snyk-tags tool tags every project indiscriminately if a non-existing "--group-id" is passed as a parameter.

Steps To Reproduce

Run the command

snyk-tags tag sca --tenant eu --snyktkn xxxxxxxxxx --group-id "not-exisiting-group-id"

The tool seems to add a sca tag (Product:Opensource) to all projects for every organization associated to the default group from the Snyk token.

Additional Information

No response

[FEAT]: Add new --origin & --branch parameter

Is there an existing feature request for this?

  • I have searched the existing feature requests

Description

... so that customers can tag all their github repositories, on particular branches, perhaps the default one.

Additional Information

No response

[BUG]: OpenSSL version warning

Is there an existing issue for this?

  • I have searched the existing issues

Description of the bug

When running any snyk-tags command, the following warning is outputted:

-> snyk-tags ...
/Users/ross/repos/snyk-tags-tool/venv/lib/python3.9/site-packages/urllib3/__init__.py:34: NotOpenSSLWarning: urllib3 v2 only supports OpenSSL 1.1.1+, currently the 'ssl' module is compiled with 'LibreSSL 2.8.3'. See: https://github.com/urllib3/urllib3/issues/3020
  warnings.warn(
...

Steps To Reproduce

I installed the latest snyk-tags into a python virtual environment and am seeing the issue.

Additional Information

Please see the following for additional system info. I am using an M1 Mac.

(venv) ------------------------------------------------
[[email protected]] ~/repos/snyk-tags-tool
-> snyk-tags --version
/Users/ross/repos/snyk-tags-tool/venv/lib/python3.9/site-packages/urllib3/__init__.py:34: NotOpenSSLWarning: urllib3 v2 only supports OpenSSL 1.1.1+, currently the 'ssl' module is compiled with 'LibreSSL 2.8.3'. See: https://github.com/urllib3/urllib3/issues/3020
  warnings.warn(
snyk-tags v2.2.1

(venv) ------------------------------------------------
[[email protected]] ~/repos/snyk-tags-tool
-> openssl version
OpenSSL 3.1.2 1 Aug 2023 (Library: OpenSSL 3.1.2 1 Aug 2023)

(venv) ------------------------------------------------
[[email protected]] ~/repos/snyk-tags-tool
-> which openssl
/opt/homebrew/bin/openssl

(venv) ------------------------------------------------
[[email protected]] ~/repos/snyk-tags-tool
-> ll `which openssl`
lrwxr-xr-x  1 ross  admin  37 Aug 13 14:56 /opt/homebrew/bin/openssl -> ../Cellar/openssl@3/3.1.2/bin/openssl

(venv) ------------------------------------------------
[[email protected]] ~/repos/snyk-tags-tool
-> python --version
Python 3.9.6

(venv) ------------------------------------------------
[[email protected]] ~/repos/snyk-tags-tool
-> sw_vers
ProductName:		macOS
ProductVersion:		14.2
BuildVersion:		23C64

[BUG]: Code Analysis projects not being tagged with target tag command

Is there an existing issue for this?

  • I have searched the existing issues

Description of the bug

When using snyk-tags target tag command, all projects beneath the specified target are identified and tagged except Code Analysis. After some testing, it appears this only occurs when custom branching is disabled in an environment as custom branching changes the naming convention of projects.

Steps To Reproduce

  1. Ensure customBranch is disabled on Snyk account
  2. Execute snyk-tags target tag --target=snyk-labs/nodejs-goof --org-id=abc --snyktkn=abc --tagkey=project --tagvalue=snyk with appropriate values
  3. Check Code Analysis projects for Tags either through filtering the UI or API call

Additional Information

No response
