diff --git a/help/help.txt b/help/help.txt index 9f9e102a48..ef08795025 100644 --- a/help/help.txt +++ b/help/help.txt @@ -57,6 +57,9 @@ Options: Prune dependency trees, removing duplicate sub-dependencies. Will still find all vulnerabilities, but potentially not all of the vulnerable paths. + --remote-repo-url= + (monitor command only) + Set or override the remote URL for the repository that you would like to monitor. Gradle options: --sub-project= (alias: --gradle-sub-project) diff --git a/src/cli/commands/monitor.ts b/src/cli/commands/monitor.ts index 4d8a70ab15..54bafcfd65 100644 --- a/src/cli/commands/monitor.ts +++ b/src/cli/commands/monitor.ts @@ -80,6 +80,10 @@ async function monitor(...args0: MethodArgs): Promise { throw new Error('`--all-sub-projects` is currently not compatible with `--project-name`'); } + if (options.docker && options['remote-repo-url']) { + throw new Error('`--remote-repo-url` is not supported for container scans'); + } + apiTokenExists(); if (options['experimental-dep-graph']) { @@ -148,6 +152,7 @@ async function monitor(...args0: MethodArgs): Promise { 'isDocker': !!options.docker, 'prune': !!options['prune-repeated-subdependencies'], 'experimental-dep-graph': !!options['experimental-dep-graph'], + 'remote-repo-url': options['remote-repo-url'], }; // We send results from "all-sub-projects" scanning as different Monitor objects diff --git a/src/lib/monitor.ts b/src/lib/monitor.ts index 4cda752561..db96c19533 100644 --- a/src/lib/monitor.ts +++ b/src/lib/monitor.ts @@ -15,6 +15,7 @@ import {MonitorError, ConnectionTimeoutError} from './errors'; import { countPathsToGraphRoot, pruneGraph } from './prune'; import { GRAPH_SUPPORTED_PACKAGE_MANAGERS } from './package-managers'; import { legacyPlugin as pluginApi } from '@snyk/cli-interface'; +import { GitTarget } from './project-metadata/types'; const debug = Debug('snyk'); 
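Review bot: In src/cli/commands/monitor.ts the new guard at `@@ -80` only rejects the `docker` combination, so whatever `options['remote-repo-url']` holds is copied into `meta` by the `@@ -148` hunk and later sent as `target.remoteUrl` with no type or content check. If the argument parser yields a boolean for a bare `--remote-repo-url` (the parser is not visible here, so this is an assumption), that boolean is uploaded as the URL; a guard next to the docker check such as `if (options['remote-repo-url'] !== undefined && typeof options['remote-repo-url'] !== 'string') { throw new Error('--remote-repo-url requires a URL value'); }` would reject it. Remote URLs copied from a git config can also carry embedded credentials (`https://user:token@host/repo.git`), and nothing in this diff strips the userinfo part before the value leaves the machine. Removing it, or refusing such a value, fits best in `getTarget` in src/lib/monitor.ts, because both `monitor` and `monitorGraph` go through it. The body of `monitor` continues outside both hunks.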
@@ -160,7 +161,7 @@ export async function monitor( } policy = await snyk.policy.load(policyLocations, {loose: true}); - const target = await projectMetadata.getInfo(pkg); + const target = await getTarget(pkg, meta); const targetFileRelativePath = targetFile ? path.relative(root, targetFile) : ''; if (target && target.branch) { @@ -258,7 +259,7 @@ export async function monitorGraph( } policy = await snyk.policy.load(policyLocations, {loose: true}); - const target = await projectMetadata.getInfo(pkg); + const target = await getTarget(pkg, meta); const targetFileRelativePath = targetFile ? path.relative(root, targetFile) : ''; if (target && target.branch) { @@ -351,3 +352,13 @@ function pluckPolicies(pkg) { return pluckPolicies(pkg.dependencies[name]); }).filter(Boolean)); } + +async function getTarget(pkg: DepTree, meta: MonitorMeta): Promise { + const target = await projectMetadata.getInfo(pkg); + + // Override the remoteUrl if the --remote-repo-url flag was set + if (meta['remote-repo-url']) { + return { ...target, remoteUrl: meta['remote-repo-url'] }; + } + return target; +} diff --git a/src/lib/project-metadata/types.ts b/src/lib/project-metadata/types.ts index bcac5f5d6b..9e809419fd 100644 --- a/src/lib/project-metadata/types.ts +++ b/src/lib/project-metadata/types.ts @@ -1,4 +1,4 @@ export interface GitTarget { remoteUrl: string; - branch: string; + branch?: string; } diff --git a/src/lib/types.ts b/src/lib/types.ts index 4bc718322d..503f9514e2 100644 --- a/src/lib/types.ts +++ b/src/lib/types.ts @@ -79,6 +79,7 @@ export interface MonitorMeta { isDocker: boolean; prune: boolean; 'experimental-dep-graph'?: boolean; + 'remote-repo-url'?: string; } export interface MonitorResult { diff --git a/test/acceptance/cli.acceptance.test.ts b/test/acceptance/cli.acceptance.test.ts index 1893260d23..61a6501130 100644 --- a/test/acceptance/cli.acceptance.test.ts +++ b/test/acceptance/cli.acceptance.test.ts 
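Review bot: `getTarget`, added at `@@ -351` in src/lib/monitor.ts, has no doc comment, and its merge behaviour is not obvious from the two call sites. `{ ...target, remoteUrl: meta['remote-repo-url'] }` replaces only `remoteUrl` and keeps every other field that `projectMetadata.getInfo` returned, so the record sent upstream can pair a caller-supplied URL with the branch of the local checkout. I would add `/** Resolves the git target for pkg. A --remote-repo-url value replaces only remoteUrl; the detected branch is kept, and the URL is caller-asserted, not checked against the checkout. */` above the function. The truthiness test `if (meta['remote-repo-url'])` also means an empty value is silently ignored and the detected URL is used, which should either be stated in that comment or rejected at the CLI.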
@@ -2485,6 +2485,15 @@ test('`monitor npm-package with custom --project-name`', async (t) => { t.equal(req.body.meta.projectName, 'custom-project-name'); }); +test('`monitor npm-package with custom --remote-repo-url`', async (t) => { + chdirWorkspaces(); + await cli.monitor('npm-package', { + 'remote-repo-url': 'a-fake-remote', + }); + const req = server.popRequest(); + t.equal(req.body.target.remoteUrl, 'a-fake-remote'); +}); + test('`monitor npm-package with dev dep flag`', async (t) => { chdirWorkspaces(); await cli.monitor('npm-package', { dev: true });
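Review bot: The new acceptance test covers only the accepted path, so the rejection added in src/cli/commands/monitor.ts (`--remote-repo-url` together with `docker`) has no test and could regress unnoticed. A companion test should assert that the call fails with the message from the guard; it is assumed here that the guard throws before any request reaches the fake server, since it sits ahead of `apiTokenExists()`. A sketch follows, using the same helpers as the surrounding tests.

```typescript
test('`monitor --docker` rejects --remote-repo-url', async (t) => {
  chdirWorkspaces();
  try {
    await cli.monitor('npm-package', {
      'docker': true,
      'remote-repo-url': 'a-fake-remote',
    });
    t.fail('should have thrown');
  } catch (err) {
    t.match(err.message, '`--remote-repo-url` is not supported for container scans');
  }
});
```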