# GitHub Issue Creator

A CLI for creating GitHub issues based on vulnerabilities from your Snyk projects.

## Installation

You can either install the package globally and then run it:

```sh
$ npm install --global @elastic/snyk-github-issue-creator
$ snyk-github-issue-creator --help
```

Or you can use `npx` to run it without having to install it globally first:

```sh
$ npx @elastic/snyk-github-issue-creator --help
```

Note: The usage examples in the rest of this documentation expect that you have installed the package globally.
## Usage

```sh
$ snyk-github-issue-creator [options]
```

Normal options:

- `--auto`: Re-use previously saved configuration without asking.
- `--help`, `-h`: Show the help.
- `--version`, `-v`: Show release version.

Advanced options:

- `--snykOrg=...`: The Snyk Organization UUID.
- `--snykProjects=...`: A comma-separated list of Snyk project UUIDs.
- `--ghOwner=...`: The name of the owner or organization under which the GitHub repository is located.
- `--ghRepo=...`: The name of the GitHub repository where issues should be created.
- `--projectName=...`: Alternative Snyk project name.
- `--ghLabels=...`: A comma-separated list of GitHub labels which will be applied to new issues (the label "Snyk" will always be applied).
- `--severityLabel`, `--no-severityLabel`: If specified, the GitHub issue will have severity label(s) added automatically.
- `--parseManifestName`, `--no-parseManifestName`: If specified, the dependency paths will start with the manifest name instead of the project name.
- `--batch`, `--no-batch`: If specified, the selected findings will be combined into a single GitHub issue.
- `--minimumSeverity`: If specified, vulnerabilities will only be displayed if they meet the minimum severity level. Valid options are 'low', 'medium', or 'high'. Default is 'medium' (if using `--auto` and you have not saved this setting previously).
- `--autoGenerate`, `--no-autoGenerate`: If specified, GitHub issues will be automatically generated without a confirmation prompt.
- `--stdin`: Read Snyk Organization UUID and Snyk Project UUID from STDIN. Used instead of `--snykOrg`/`--snykProjects`.

Supported environment variables:

- `SNYK_TOKEN`: The Snyk API token.
- `GH_PAT`: The GitHub Personal Access Token.
## Setup

When running `snyk-github-issue-creator`, you will be asked a series of setup questions:

- Snyk token: Your Snyk API token, which can be found at https://app.snyk.io/account.
- Snyk organization and Snyk project UUIDs: Either use the guided menus, or use the `--stdin` command line argument to parse the output of a `snyk monitor` command to retrieve the necessary parameters.
- GitHub Personal Access Token: A GitHub Personal Access Token with privilege to create new issues in the repository specified under "GitHub Repo" (create a new token at https://github.com/settings/tokens/new).
- GitHub Owner: The name of the owner or organization under which the GitHub repository is located.
- GitHub Repo: The name of the GitHub repository where issues should be created.
- Project name: Allows you to override the project name from Snyk (useful when running Snyk with CI/CLI integration).
- GitHub Labels: Labels which will be applied to new issues (the label `Snyk` will always be applied).
- Add severity labels to issues: If specified, the GitHub issue will have severity label(s) added automatically.
- Parse manifest name: If specified, the dependency paths will start with the manifest name instead of the project name.
- Batch: If specified, the selected findings will be combined into a single GitHub issue (see this example).
- Minimum severity level: Vulnerabilities will only be displayed if they meet the minimum severity level. Valid options are 'low', 'medium', or 'high'.
- Auto generate: If specified, GitHub issues will be automatically generated without a confirmation prompt (e.g. if you want to run this as part of a CI pipeline).
- Save settings: If specified, you can skip these questions the next time you run the program by using the `--auto` command line flag.
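The options above (minimum severity, labels, severity labels, manifest-name paths and batching) interact when findings are turned into issues. The following is an added example, not code from this project, that models those documented semantics in plain JavaScript so you can see what a given combination of settings produces before pointing the tool at a real repository. The finding shape, function names and sample vulnerability records are assumptions constructed for illustration; nothing is sent to Snyk or GitHub.

```javascript
// Added example (not part of snyk-github-issue-creator): models how the
// documented options compose. Finding fields and helper names are assumptions.
const SEVERITY_RANK = { low: 0, medium: 1, high: 2 };

// Resolve the minimum severity: the README documents a default of "medium".
// Unknown values are rejected rather than silently widening the filter.
function resolveMinimumSeverity(value) {
  const level = (value ?? 'medium').toLowerCase();
  if (!(level in SEVERITY_RANK)) {
    throw new Error(`invalid minimumSeverity "${value}"; expected low, medium or high`);
  }
  return level;
}

// Keep only findings at or above the minimum severity; findings with an
// unrecognised severity are dropped rather than assumed to be severe.
function filterBySeverity(findings, minimumSeverity) {
  const min = SEVERITY_RANK[resolveMinimumSeverity(minimumSeverity)];
  return findings.filter((f) => (SEVERITY_RANK[f.severity] ?? -1) >= min);
}

// Build the label set: "Snyk" is always applied, user labels are added, and
// one severity label per distinct severity only when severityLabel is on.
function buildLabels(findings, { ghLabels = [], severityLabel = false } = {}) {
  const labels = new Set(['Snyk', ...ghLabels]);
  if (severityLabel) {
    for (const f of findings) labels.add(`severity:${f.severity}`);
  }
  return [...labels];
}

// Render a dependency path: parseManifestName switches the leading element
// from the project name to the manifest file name.
function renderPath(finding, { projectName, parseManifestName = false }) {
  const root = parseManifestName ? finding.manifest : projectName;
  return [root, ...finding.from].join(' > ');
}

// Plan the GitHub issues: batch folds all selected findings into one issue,
// otherwise one issue is planned per finding. Returns plain objects.
function planIssues(findings, opts) {
  const selected = filterBySeverity(findings, opts.minimumSeverity);
  if (selected.length === 0) return [];
  const toIssue = (group) => ({
    title: group.length === 1
      ? `[${group[0].severity}] ${group[0].title} in ${group[0].packageName}`
      : `Snyk: ${group.length} vulnerabilities in ${opts.projectName}`,
    labels: buildLabels(group, opts),
    body: group.map((f) => `- ${f.id}: ${f.title} (${renderPath(f, opts)})`).join('\n'),
  });
  return opts.batch ? [toIssue(selected)] : selected.map((f) => toIssue([f]));
}

// Constructed sample findings, loosely shaped like Snyk API results.
const SAMPLE_FINDINGS = [
  { id: 'SNYK-EXAMPLE-1', title: 'Prototype Pollution', packageName: 'lodash',
    severity: 'high', manifest: 'package.json', from: ['lodash@4.17.15'] },
  { id: 'SNYK-EXAMPLE-2', title: 'Regular Expression Denial of Service', packageName: 'minimatch',
    severity: 'medium', manifest: 'package.json', from: ['mocha@5.2.0', 'minimatch@3.0.4'] },
  { id: 'SNYK-EXAMPLE-3', title: 'Information Exposure', packageName: 'debug',
    severity: 'low', manifest: 'package.json', from: ['express@4.16.0', 'debug@2.6.9'] },
];

// Mirrors running with --batch --severityLabel --ghLabels=security (default minimum severity).
const issues = planIssues(SAMPLE_FINDINGS, {
  projectName: 'my-service', ghLabels: ['security'], severityLabel: true,
  parseManifestName: false, batch: true, minimumSeverity: 'medium',
});
console.log(JSON.stringify(issues, null, 2));
```

With the sample input and the default minimum severity the low finding is filtered out, and the batched run yields a single issue carrying `Snyk`, `security`, `severity:high` and `severity:medium`; running the same findings with `batch: false` and `minimumSeverity: 'low'` yields three separate issues instead.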
## Picking Vulnerabilities

After answering the setup questions, you will be presented with a list of vulnerabilities to generate a GitHub issue for. Type `t` or `true` to create an issue, and `f` or `false` to skip it.
## Examples

Running the script against this repository will create a set of issues, as seen here: