close #715, make snyk components produce output if snyk found no issues

smithy-security · Jan 27, 2025 · abf944b · abf944b
1 parent d583af6
commit abf944b
Show file tree

Hide file tree

Showing 3 changed files with 38 additions and 2 deletions.
diff --git a/components/producers/snyk-docker/main.go b/components/producers/snyk-docker/main.go
@@ -37,7 +37,7 @@ func writeOutput(results map[string][]*v1.Issue) error {
 		slog.Info(
 			"appending",
 			slog.Int("issues", len(issues)),
-			slog.String("tool", "snuk"),
+			slog.String("tool", "snyk"),
 		)
 		if err := producers.WriteSmithyOut(
 			"snyk",
@@ -46,6 +46,15 @@ func writeOutput(results map[string][]*v1.Issue) error {
 			slog.Error("error writing smithy out for the snyk tool", "err", err)
 		}
 	}
+	if len(results) == 0 { // in case snyk had a clean scan
+		slog.Info("writing snyk output without any findings")
+		if err := producers.WriteSmithyOut(
+			"snyk",
+			[]*v1.Issue{},
+		); err != nil {
+			slog.Error("error writing smithy out for the snyk tool", "err", err)
+		}
+	}
 	return nil
 }
 

diff --git a/components/producers/snyk-docker/main_test.go b/components/producers/snyk-docker/main_test.go
@@ -179,3 +179,30 @@ func TestWriteOutput(t *testing.T) {
 	}
 	require.Equal(t, len(expectedIssues), foundIssues)
 }
+
+func TestWriteOutputNoIssues(t *testing.T) {
+	producers.Append = true
+	sampleIssues := map[string][]*v1.Issue{}
+
+	workspace, err := os.MkdirTemp("", "smithy")
+	require.NoError(t, err)
+
+	defer require.NoError(t, os.RemoveAll(workspace))
+
+	producers.OutFile = filepath.Join(workspace, "out.pb")
+	err = writeOutput(sampleIssues)
+	require.NoError(t, err)
+
+	_, err = os.Stat(producers.OutFile)
+	require.NoError(t, err)
+
+	in, err := os.ReadFile(producers.OutFile)
+	require.NoError(t, err)
+	var wrote v1.LaunchToolResponse
+	err = proto.Unmarshal(in, &wrote)
+	require.NoError(t, err)
+	expectedIssues := []*v1.Issue{}
+	require.Equal(t, len(expectedIssues), len(wrote.Issues))
+	require.NotEmpty(t, wrote.ScanInfo)
+	require.Equal(t, wrote.ToolName, "snyk")
+}
diff --git a/components/producers/snyk-python/task.yaml b/components/producers/snyk-python/task.yaml
@@ -37,7 +37,7 @@ spec:
       snyk auth $(params.producer-snyk-python-api-key)
       if [[ -n "$(params.producer-snyk-python-relative-path-to-requirements-txt)" ]]; then
         echo "installing dependencies"
-        pip install -r "$(workspaces.output.path)/source-code/$(params.producer-snyk-python-relative-path-to-requirements-txt)"
+        pip install --force --no-deps --no-compile --no-warn-conflicts -r "$(workspaces.output.path)/source-code/$(params.producer-snyk-python-relative-path-to-requirements-txt)"
       fi
 
       echo "running snyk test"