snyk-java-jar-test

Getting Started

You will need Python 3.7 and pipenv.

git clone https://github.com/snyk-samples/snyk-java-jar-test.git
cd snyk-java-jar-test
pipenv install
pipenv shell

You will need to authorize your Snyk CLI.

Usage

After activating an appropriate Python shell, you can do things like:

Test a single JAR in the local directory:

python snykjar.py gson-2.3.1.jar

Test multiple specific JARs in the local directory:

python snykjar.py gson-2.3.1.jar commons-collections-3.2.1.jar jackson-core-2.9.8.jar

Test a single JAR in an arbitrary directory:

python snykjar.py /path/to/jars/gson-2.3.1.jar

Test multiple JARs in arbitrary directories:

python snykjar.py /path/to/jars/gson-2.3.1.jar /path/to/jars/commons-collections-3.2.1.jar /some/other/path/to/jars/jackson-core-2.9.8.jar

Test all the JARs in the current directory:

python snykjar.py .

Test a directory full of JARs:

python snykjar.py /path/to/jars

Additional Parameters

--jsonOutput=<output-file.json> - this will save the output in a JSON file which is ideal for parsing.

--orgId - you only need to use this if your default organization in Snyk is not an organization that has API access. In most cases you won't need to use this. You can see your default Snyk organization by going to Account Settings->Preferred Organization.

--outputPom=<path/to/output/pom.xml> - use this if you just want a pom.xml generated as output with all the detected Java packages. If you use this option, the detected packages will not be tested and you will not get JSON output, even if you also use the --jsonOutput option. You might want to use this option to generate a pom.xml and then either test it with the Snyk CLI (e.g. snyk test --file=pom.xml) or push the list of detected Java packages into Snyk and test and monitor them there using snyk monitor --file=pom.xml --project-name=<my-java-jars-test>. For this to work, the filename needs to be pom.xml.