Security concerns around snyk being packaged with sfcc-ci and snyk forcing us to register and pass a auth token #504

srinumanthena · 2023-07-27T20:32:00Z

srinumanthena
Jul 27, 2023

Hello,

we are using sfcc-ci and build suite for quite some time to deploy our code to salesforce commerce cloud. This week we encountered a issue where snyk is forcing us to register and use a auth token when we try to download sfcc-ci via npm as it looks like sfcc-ci has dependency on snyk npm module. See below error message we encountered. It is concerning that snyk can collect data from our code and forcing us to register with snyk. Is there a way to remove disable snyk during sfcc-ci npm installation? we have become aware of snyk only when we saw the below error, which started recently. We are using sfcc-ci version 2.5.1

Thank you

npm ERR! prepareGitDep > [email protected] prepare /home/svcjenkins/.npm/_cacache/tmp/git-clone-f8e404a7
npm ERR! prepareGitDep > npm run snyk-protect
npm ERR! prepareGitDep 
npm ERR! prepareGitDep 
npm ERR! prepareGitDep > [email protected] snyk-protect /home/svcjenkins/.npm/_cacache/tmp/git-clone-f8e404a7
npm ERR! prepareGitDep > snyk protect
npm ERR! prepareGitDep 
npm ERR! prepareGitDep Authentication failed. Please check the API token on https://snyk.io/

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Security concerns around snyk being packaged with sfcc-ci and snyk forcing us to register and pass a auth token #504

{{title}}

{{editor}}'s edit

{{editor}}'s edit

Replies: 0 comments

Select a reply

Security concerns around snyk being packaged with sfcc-ci and snyk forcing us to register and pass a auth token #504

srinumanthena Jul 27, 2023

Replies: 0 comments

srinumanthena
Jul 27, 2023