2

I am helping our DevOps team integrate Snyk into the Jenkins pipelines for SAST. By default, it seems like this Snyk plugin is doing snyk test (which does open-source dependency scans) and appends the additional arguments provided with it. I identified this behavior by checking the console log, where the actual command that ran was displayed. We actually want it to do the source code scan, snyk code.

The command I observed in the console log is this: <jenkins tools installation path>/snyk-linux test --json --severity-threshold=high --file=<path>/package.json. The snyk-linux test part seems to be predefined.

Can someone please help me regarding this?

iamahecker
  • 21
  • 5

1 Answer

3

As you have correctly observed, the Snyk Security Jenkins plugin only offers access to the Snyk CLI snyk test command and nothing else.

Currently, the only way to do this is to talk with the Snyk CLI directly.

pipeline {
    agent any

    environment {
        // Installation directory of the Snyk CLI managed by the Snyk plugin's
        // tool installer; the binary inside it is snyk-linux on Linux agents.
        SNYK_HOME = tool name: 'Snyk'
    }

    stages {

        stage('Snyk Code') {
            steps {
                // Call the CLI directly; the plugin's build step only runs "snyk test".
                sh "${SNYK_HOME}/snyk-linux code test"
            }
        }
    }
}

Of course, you also need to expose the token in an environment variable.

Mathias Conradt
  • 28,420
  • 21
  • 138
  • 192
Valentin Despa
  • 40,712
  • 18
  • 80
  • 106
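The answer above calls the CLI directly and mentions that the token has to be exposed as an environment variable. The following Jenkinsfile is an added example, not code from the original answer or from Snyk: it binds the token from the Jenkins credential store (so it is masked in the console log and never written into the Jenkinsfile), writes the Snyk Code findings to a SARIF file, and maps the CLI exit code to a build result instead of letting any non-zero status fail the stage. The tool installation name 'Snyk' and the Secret text credential id 'snyk-api-token' are assumptions; substitute the names configured in your Jenkins instance.

```groovy
// Added example, not part of the original answer. Assumes a Snyk tool
// installation named 'Snyk' and a Jenkins "Secret text" credential with
// id 'snyk-api-token' holding the Snyk API token (both names hypothetical).
pipeline {
    agent any

    environment {
        // Directory where the Snyk plugin installer placed the CLI. The binary
        // is snyk-linux on Linux agents, as seen in the question's console log.
        SNYK_HOME = tool name: 'Snyk'
    }

    stages {
        stage('Snyk Code') {
            steps {
                // withCredentials scopes SNYK_TOKEN to this block and masks it
                // in the console output. The CLI reads SNYK_TOKEN from the
                // environment, so the secret is never interpolated into the
                // Groovy string below (which would leak it into the log).
                withCredentials([string(credentialsId: 'snyk-api-token', variable: 'SNYK_TOKEN')]) {
                    script {
                        // returnStatus: true hands the exit code back instead of
                        // aborting the stage on any non-zero status.
                        int rc = sh(
                            returnStatus: true,
                            script: """
                                "${SNYK_HOME}/snyk-linux" code test \\
                                    --severity-threshold=high \\
                                    --sarif-file-output=snyk-code.sarif
                            """
                        )

                        // Keep the SARIF report even when the scan found nothing
                        // or failed before writing it.
                        archiveArtifacts artifacts: 'snyk-code.sarif', allowEmptyArchive: true

                        // Snyk CLI exit codes: 0 = no issues at/above threshold,
                        // 1 = issues found, 2 = scan failed (auth, network, ...),
                        // 3 = no supported files found.
                        switch (rc) {
                            case 0:
                                echo 'Snyk Code: no issues at or above the threshold'
                                break
                            case 1:
                                unstable('Snyk Code found issues at or above the threshold')
                                break
                            default:
                                error("Snyk Code scan did not complete (exit code ${rc})")
                        }
                    }
                }
            }
        }
    }
}
```

Two points worth checking before relying on this in a gate: Snyk Code has to be enabled for the organization in the Snyk settings, otherwise the CLI refuses to scan rather than reporting zero findings, which is why the example treats every exit code other than 0 and 1 as an error instead of a clean pass. If you want findings to block the build rather than mark it unstable, replace the unstable(...) call in the case 1 branch with error(...).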