@alljames
Last active May 26, 2023 16:15
Using the Snyk API to list issues found on a package URL (purl)
#!/bin/bash
# A basic bash script to summarise usage of Snyk's purl list issues API
# A background on purl (Package URL): https://github.com/package-url/purl-spec#solution
# REQUIREMENTS
# ensure the environment variables SNYK_TOKEN and SNYK_ORG_ID are set
# note: use the Organization ID, not the Organization slug/name
# USAGE
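# run `bash purl_list_issues.sh` (the script relies on bash features such as `set -o pipefail` and $'...' quoting, so plain `sh` may fail)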
# API DOCUMENTATION
# https://docs.snyk.io/snyk-api-info/list-issues-for-a-package-endpoint
# http://redsymbol.net/articles/unofficial-bash-strict-mode/
set -e # immediately exit if any command has a non-zero exit status
set -u # error out if undefined variable is referenced
set -o pipefail # if any command in a pipeline fails, that return code will be used as the return code of the whole pipeline
IFS=$'\n\t' # Internal Field Separator - makes running loops more reliable
# developed with shellcheck extension enabled
# the example (default) values below point to a purl with vulnerabilities
# modify the values below to point at a different purl
SCHEME=pkg
TYPE=deb
NAMESPACE=debian
NAME=dpkg
VERSION=1.19.0.4
QUALIFIERS="distro=stretch"
# https://github.com/package-url/purl-spec
# https://github.com/snyk/os-purl-parser-container-library/blob/main/test/index.test.ts
PURL="${SCHEME}":"${TYPE}"/"${NAMESPACE}"/"${NAME}"@"${VERSION}"?"${QUALIFIERS}"
echo "${PURL}" >&2 # write to stderr so that stdout only carries the (parsable) JSON response
URI_ENCODED_PURL=$(printf %s "${PURL}" | jq -sRr @uri)
echo "${URI_ENCODED_PURL}" >&2 # write to stderr so that stdout only carries the (parsable) JSON response
curl --get \
--header "Authorization: token ${SNYK_TOKEN}" \
--data-urlencode "version=2023-05-22~beta" \
https://api.snyk.io/rest/orgs/"${SNYK_ORG_ID}"/packages/"${URI_ENCODED_PURL}"/issues
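
The script above interpolates its purl components straight into the request path, which is fine for hard-coded defaults but not for values taken from elsewhere. The following is an added example, not part of the original gist: it checks each component against a conservative allowlist before assembling the purl, then percent-encodes the result as a single path segment without jq. The function names `urlencode`, `valid_component` and `build_purl` and the allowlist itself are assumptions of this example; the allowlist is stricter than the purl spec and supports one `key=value` qualifier only.

```shell
#!/bin/sh
# Added example, not the gist author's code. Sample values are the gist's defaults.

# Percent-encode every byte outside the RFC 3986 unreserved set
# (A-Z a-z 0-9 - . _ ~) so the result is safe as ONE URL path segment.
urlencode() {
    printf '%s' "$1" | od -An -v -tx1 | tr -s ' ' '\n' |
    while read -r hex; do
        [ -n "$hex" ] || continue
        case "$hex" in
            3[0-9]|4[1-9a-f]|5[0-9a]|6[1-9a-f]|7[0-9a]|2d|2e|5f|7e)
                # unreserved byte: emit the literal character via its octal escape
                printf "\\$(printf '%03o' "0x$hex")" ;;
            *)
                # everything else (':', '/', '@', '?', '=', ...) becomes %XX
                printf '%%%s' "$(printf '%s' "$hex" | tr 'a-f' 'A-F')" ;;
        esac
    done
}

# Conservative allowlist (assumption of this example): reject empty values and
# any character that could act as a purl or URL delimiter.
valid_component() {
    case "$1" in
        ''|*[!A-Za-z0-9.+_~-]*) return 1 ;;
        *) return 0 ;;
    esac
}

# build_purl TYPE NAMESPACE NAME VERSION QUALIFIER -> prints the purl, or fails
build_purl() {
    for part in "$1" "$2" "$3" "$4"; do
        valid_component "$part" || { echo "rejected component: $part" >&2; return 1; }
    done
    case "$5" in
        ''|*[!A-Za-z0-9.+_~=-]*) echo "rejected qualifier: $5" >&2; return 1 ;;
    esac
    printf 'pkg:%s/%s/%s@%s?%s' "$1" "$2" "$3" "$4" "$5"
}

# Demo with the gist's default values; the encoded purl goes to stderr,
# mirroring the original script's convention.
if PURL=$(build_purl deb debian dpkg 1.19.0.4 distro=stretch); then
    urlencode "$PURL" >&2; echo >&2
fi
```

For the default values, `urlencode` yields the same string as the `jq -sRr @uri` step in the script.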