refactor: improve docker tips

This commit refactors the docker suggestion text that will be printed if the user hasn't opted out of suggestions.
snyk · Jan 25, 2023 · 6723568 · 6723568
1 parent 85d0962
commit 6723568
Show file tree

Hide file tree

Showing 2 changed files with 55 additions and 28 deletions.
diff --git a/src/lib/formatters/test/format-test-results.ts b/src/lib/formatters/test/format-test-results.ts
@@ -176,11 +176,7 @@ export function getDisplayedOutput(
   const fixAdvice = fixTip ? `\n\n${fixTip}` : '';
 
   const dockerfileWarning = getDockerfileWarning(res.scanResult);
-  const dockerSuggestion = getDockerSuggestionText(
-    options,
-    config,
-    res?.docker?.baseImage,
-  );
+  const dockerSuggestion = getDockerSuggestionText(options, res);
   const dockerDocsLink = getDockerRemediationDocsLink(dockerAdvice, config);
 
   const vulns = res.vulnerabilities || [];
@@ -256,31 +252,58 @@ export function dockerUserCTA(options) {
   return '';
 }
 
-function getDockerSuggestionText(options, config, baseImageRes): string {
-  if (!options.docker || options.isDockerUser) {
+function getDockerSuggestionText(
+  options: Options & TestOptions,
+  result: TestResult,
+): string {
+  if (
+    config?.disableSuggestions === 'true' ||
+    !options.docker ||
+    options.isDockerUser
+  ) {
     return '';
   }
 
-  let dockerSuggestion = '';
-  if (config && config.disableSuggestions !== 'true') {
-    const optOutSuggestions =
-      '\n\nTo remove this message in the future, please run `snyk config set disableSuggestions=true`';
-    if (!options.file) {
-      if (!baseImageRes) {
-        dockerSuggestion +=
-          chalk.bold.white(
-            '\n\nSnyk wasn’t able to auto detect the base image, use `--file` option to get base image remediation advice.' +
-              `\nExample: $ snyk container test ${options.path} --file=path/to/Dockerfile`,
-          ) + optOutSuggestions;
-      }
-    } else if (!options['exclude-base-image-vulns']) {
-      dockerSuggestion +=
-        chalk.bold.white(
-          '\n\nPro tip: use `--exclude-base-image-vulns` to exclude from display Docker base image vulnerabilities.',
-        ) + optOutSuggestions;
-    }
+  const tips: string[] = [];
+  // exclude-base-image-vulns flag tip
+  if (options.file && !options['exclude-base-image-vulns']) {
+    tips.push(
+      'Pro tip: use `--exclude-base-image-vulns` to exclude from display Docker base image vulnerabilities.',
+    );
+  }
+
+  // dockerfile flag tip for base image
+  if (!options.file && !result?.docker?.baseImage) {
+    tips.push(
+      `Snyk wasn’t able to auto detect the base image, use \`--file\` option to get base image remediation advice.
+Example: $ snyk container test ${options.path} --file=path/to/Dockerfile`,
+    );
+  }
+
+  // disable-app-vulns flag tip
+  if (options.docker && result.targetFile && result.uniqueCount > 0) {
+    tips.push(
+      'Snyk found some vulnerabilities in your image applications (Snyk searches for these vulnerabilities by default). See https://snyk.co/app-vulns for more information.',
+    );
+  }
+
+  if (tips.length === 0) {
+    return '';
   }
-  return dockerSuggestion;
+
+  return (
+    '\n\n' +
+    tips
+      // not sure why the tip to disable tips wasn't marked as white, maybe we should change that too?
+      .map((tip) => chalk.bold.white(tip))
+      .concat(
+        // add tip to disable tips
+        `To remove ${
+          tips.length > 1 ? 'these messages' : 'this message'
+        } in the future, please run \`snyk config set disableSuggestions=true\``,
+      )
+      .join('\n\n')
+  );
 }
 function getDockerfileWarning(scanResult: ScanResult | undefined): string {
   if (!scanResult) {

diff --git a/test/jest/unit/lib/formatters/test/__snapshots__/display-result.spec.ts.snap b/test/jest/unit/lib/formatters/test/__snapshots__/display-result.spec.ts.snap
@@ -130,7 +130,9 @@ Warning: Unable to analyse Dockerfile provided through \`--file\`.
 
 Pro tip: use \`--exclude-base-image-vulns\` to exclude from display Docker base image vulnerabilities.
 
-To remove this message in the future, please run \`snyk config set disableSuggestions=true\`"
+Snyk found some vulnerabilities in your image applications (Snyk searches for these vulnerabilities by default). See [URL]
+
+To remove these messages in the future, please run \`snyk config set disableSuggestions=true\`"
 `;
 
 exports[`displayResult Docker test result with base image non resolvable warning 1`] = `
@@ -163,7 +165,9 @@ Warning: Unable to analyse Dockerfile provided through \`--file\`.
 
 Pro tip: use \`--exclude-base-image-vulns\` to exclude from display Docker base image vulnerabilities.
 
-To remove this message in the future, please run \`snyk config set disableSuggestions=true\`"
+Snyk found some vulnerabilities in your image applications (Snyk searches for these vulnerabilities by default). See [URL]
+
+To remove these messages in the future, please run \`snyk config set disableSuggestions=true\`"
 `;
 
 exports[`displayResult Docker test result with remediation advice 1`] = `