Using the Snyk API to list issues found on a package URL (purl)
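#!/bin/bash
# A basic bash script to summarise usage of Snyk's purl list issues API
# A background on purl (Package URL): https://github.com/package-url/purl-spec#solution
# REQUIREMENTS
# - curl and jq available on PATH (jq is only used for percent-encoding the purl)
# - the environment variables SNYK_TOKEN and SNYK_ORG_ID set
#   note: use the Organization ID, not the Organization slug/name
# USAGE
# run `bash purl_list_issues.sh` (or `./purl_list_issues.sh` once executable)
# do not run it with `sh`: the script relies on bash-only features
# (`set -o pipefail`, `$'\n\t'`), which a POSIX /bin/sh may reject
# stdout carries only the API's JSON response; every diagnostic goes to stderr
# API DOCUMENTATION
# https://docs.snyk.io/snyk-api-info/list-issues-for-a-package-endpoint
# http://redsymbol.net/articles/unofficial-bash-strict-mode/
set -e # immediately exit if any command has a non-zero exit status
set -u # error out if undefined variable is referenced
set -o pipefail # if any command in a pipeline fails, that return code will be used as the return code of the whole pipeline
IFS=$'\n\t' # Internal Field Separator - makes running loops more reliable
# developed with shellcheck extension enabled

#######################################
# Print a diagnostic to stderr and exit non-zero.
# Arguments: message text
#######################################
die() {
  printf 'error: %s\n' "$*" >&2
  exit 1
}

# Fail early with a readable message rather than set -u's bare "unbound variable".
: "${SNYK_TOKEN:?set SNYK_TOKEN to a Snyk API token}"
: "${SNYK_ORG_ID:?set SNYK_ORG_ID to the Snyk Organization ID (not the slug/name)}"
command -v curl >/dev/null || die "curl is required but not on PATH"
command -v jq >/dev/null || die "jq is required (used for URI-encoding the purl) but not on PATH"

# REST API version requested via the query string; pinned so the response shape is stable
readonly API_VERSION="2023-05-22~beta"

# the example (default) values below point to a purl with vulnerabilities
# modify the values below to point at a different purl
SCHEME=pkg
TYPE=deb
NAMESPACE=debian
NAME=dpkg
VERSION=1.19.0.4
QUALIFIERS="distro=stretch"

# https://github.com/package-url/purl-spec
# https://github.com/snyk/os-purl-parser-container-library/blob/main/test/index.test.ts
# namespace and qualifiers are optional in the purl spec: the separators are only
# emitted when the corresponding value is non-empty, so an empty QUALIFIERS does
# not leave a dangling "?" and an empty NAMESPACE does not produce "type//name"
PURL="${SCHEME}:${TYPE}/${NAMESPACE:+${NAMESPACE}/}${NAME}@${VERSION}${QUALIFIERS:+?${QUALIFIERS}}"
printf '%s\n' "${PURL}" >&2 # stderr so that stdout only returns a (parsable) JSON

# the purl contains "/", "@" and "?" that must not be interpreted as URL structure,
# so the whole string is percent-encoded before it is placed in the path
URI_ENCODED_PURL=$(printf '%s' "${PURL}" | jq -sRr @uri) || die "failed to URI-encode purl"
printf '%s\n' "${URI_ENCODED_PURL}" >&2 # stderr so that stdout only returns a (parsable) JSON

# the Authorization header is supplied through a curl config file read from stdin
# instead of a command-line argument, so the token is not visible in `ps` output.
# --fail makes a non-2xx response a non-zero exit (which set -e then honours)
# instead of silently printing an error document on stdout; with curl >= 7.76
# --fail-with-body can be used instead to keep the error body.
curl --get --silent --show-error --fail \
  --config - \
  --data-urlencode "version=${API_VERSION}" \
  "https://api.snyk.io/rest/orgs/${SNYK_ORG_ID}/packages/${URI_ENCODED_PURL}/issues" <<EOF
header = "Authorization: token ${SNYK_TOKEN}"
EOF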