When running a snyk test or snyk monitor, you can specify the --json flag then use the jq command to parse the output for the CVSS score. From here you change the if statement to the CVSS score you would like to break the build at. Below is an example of the command you can use that send an error code for the CVSS greater than 8.0
snyk test --json | jq '.vulnerabilities[] |= if(.cvssScore) > 8.0 then "CVSS score \(.cvssScore) \(.id)"|halt_error(1) else "CVSS Score: \(.cvssScore) Vulnerability:\(.id)" end'
Comments
0 comments
Please sign in to leave a comment.