When a user tries to test a project that contains several manifest files in the CLI by using
snyk test OR snyk monitor
Snyk will pick the first manifest file and run the test on it but Snyk won't scan the entire project
so the user needs to specify every target file to cover all the project dependencies.
You can use a command such as the following to pull all the relevant manifest files in a project:
snyk test $(find . -name "<manifest file>" -o -name "<manifest file>" -o -name "<manifest file>" -exec dirname {} \\;)
*Replace <manifest file> with an appropriate filename such as pom.xml, etc.
*You can specify as much as manifest files as you want just make sure that you finish the command with -exec dirname {} \\;)
For example, you can use the following command to test all Maven, NodeJS and Pip manifest files at once:
snyk test $(find . -name "pom.xml" -o -name "package.json" -o -name "requirements.txt" -exec dirname {} \\;)
List of all the manifest files that Snyk support:
Maven - pom.xml
Gradle - build.gradle
Kotlin - build.gradle or build.gradle.kts
Pip - requirements.txt
pipenv - Pipfile or Pipfile.lock
NodeJs - package.json or package-lock.json or yarn.lock
SBT - build.sbt
.Net - packages.config
.NET Framework - .csproj file
.NET Core - project.json
Golang - Gopkg.lock or vendor/vendor.json
Composer - composer.lock
Ruby - Gemfile.lock
Comments
0 comments
Please sign in to leave a comment.