Merge pull request #182 from docker/snyk-upgrade

Update version of the Snyk CLI to v1.790.0

.github/workflows/build-pr.yml

@@ -8,10 +8,10 @@ jobs:
     env:
       GO111MODULE: "on"
     steps:
-      - name: Set up Go 1.15
+      - name: Set up Go 1.17
         uses: actions/setup-go@v1
         with:
-          go-version: 1.15
+          go-version: 1.17
         id: go
 
       - name: Checkout code into the Go module directory
@@ -38,10 +38,10 @@ jobs:
       - name: Docker version
         run: docker version
 
-      - name: Set up Go 1.15
+      - name: Set up Go 1.17
         uses: actions/setup-go@v1
         with:
-          go-version: 1.15
+          go-version: 1.17
         id: go
 
       - name: Checkout code into the Go module directory

cmd/docker-scan/main.go

@@ -119,14 +119,15 @@ func configureProvider(ctx context.Context, dockerCli command.Cli, flags options
 	opts = append(opts, options...)
 	if flags.jsonFormat {
 		opts = append(opts, provider.WithJSON())
+		opts = append(opts, provider.WithExperimental())
 		if flags.groupIssues {
 			opts = append(opts, provider.WithGroupIssues())
 		}
 	} else if flags.groupIssues {
 		return nil, fmt.Errorf("--json flag is mandatory to use --group-issues flag")
-	} else {
-		opts = append(opts, provider.WithAppVulns())
 	}
+	opts = append(opts, provider.WithAppVulns())
+
 	if flags.dockerFilePath != "" {
 		opts = append(opts, provider.WithDockerFile(flags.dockerFilePath))
 		if flags.excludeBase {

e2e/scan_test.go

@@ -230,7 +230,7 @@ func TestScanWithFileAndExcludeBaseImageVulns(t *testing.T) {
 
 	cmd.Command = dockerCli.Command("scan", "--accept-license", "--file", "./testdata/Dockerfile", "--exclude-base", ImageBaseImageVulnerabilities)
 	output := icmd.RunCmd(cmd).Assert(t, icmd.Success).Combined()
-	assert.Assert(t, strings.Contains(output, "found 0 issues."))
+	assert.Assert(t, strings.Contains(output, "no vulnerable paths found."))
 }
 
 func TestScanWithExcludeBaseImageVulns(t *testing.T) {
@@ -431,7 +431,7 @@ func TestScanWithFileAndExcludeBaseImageVulnsContainerizedProvider(t *testing.T)
 
 	cmd.Command = dockerCli.Command("scan", "--file", dockerfilePath, "--exclude-base", ImageBaseImageVulnerabilities)
 	output := icmd.RunCmd(cmd).Assert(t, icmd.Success).Combined()
-	assert.Assert(t, strings.Contains(output, "found 0 issues."))
+	assert.Assert(t, strings.Contains(output, "no vulnerable paths found."))
 }
 
 func createSnykConfDirectories(t *testing.T, withConfFile bool, token string) (*fs.Dir, func()) {

internal/provider/provider.go

@@ -170,6 +170,14 @@ func WithPath(path string) Ops {
 	}
 }
 
+// WithExperimental allows running `--json` flag in combination of `--app-vulns`
+func WithExperimental() Ops {
+	return func(provider *Options) error {
+		provider.flags = append(provider.flags, "--experimental")
+		return nil
+	}
+}
+
 func getToken(opts Options) (string, error) {
 	if opts.auth.Username == "" {
 		return "", fmt.Errorf(`You need to be logged in to Docker Hub to use scan feature.

vars.mk

@@ -1,12 +1,12 @@
 # Pinned Versions
-SNYK_DESKTOP_VERSION=1.563.0
+SNYK_DESKTOP_VERSION=1.790.0
 SNYK_USER_VERSION=1.460.0
 SNYK_OLD_VERSION=1.382.1
 # Digest of the 1.563.0 snyk/snyk:docker image
-SNYK_IMAGE_DIGEST=sha256:defb5ba5517a29a78736d919d3dc0568f555980a43daefe1ac8a1e7fc0924f25
-GO_VERSION=1.15.0
-CLI_VERSION=19.03.9
-ALPINE_VERSION=3.12.0
+SNYK_IMAGE_DIGEST=sha256:579d7263467ec0cffb44ec1720a320dd1ed6a78d6d4a8d9f58088a26f1d35ac4
+GO_VERSION=1.17.5
+CLI_VERSION=20.10.11
+ALPINE_VERSION=3.15.0
 GOLANGCI_LINT_VERSION=v1.27.0-alpine
 GOTESTSUM_VERSION=0.5.2