Merge branch main into fix/IGNR-245-fix-broken-license-issue-url

.circleci/config.yml

@@ -298,7 +298,7 @@ commands:
     parameters:
       items:
         type: string
-        default: go gradle python elixir composer gradle@6 maven sbt dotnet
+        default: go gradle python pipenv elixir composer gradle@6 maven sbt dotnet
     steps:
       - run:
           name: Installing Rosetta
@@ -334,7 +334,7 @@ commands:
           name: Installing Node.js + other test dependencies
           command: |
             apk add --update nodejs npm bash maven git go gradle python3 py3-pip elixir composer
-            pip3 install pipenv requests PyYAML
+            pip3 install pipenv requests PyYAML setuptools==70.3.0
             wget https://dot.net/v1/dotnet-install.sh -O dotnet-install.sh && chmod +x dotnet-install.sh && ./dotnet-install.sh
 
   failed-release-notification:

.github/workflows/smoke-tests.yml

@@ -93,7 +93,7 @@ jobs:
         if: ${{ matrix.snyk_install_method == 'docker-bundle' && matrix.os == 'macos' }}
         run: |
           pushd "$(mktemp -d)"
-          curl 'https://static.snyk.io/cli/latest/${{ matrix.snyk_cli_dl_file }}' | tar -xz
+          curl 'https://downloads.snyk.io/cli/latest/${{ matrix.snyk_cli_dl_file }}' | tar -xz
           pushd ./docker
           ls -la
           sudo ln -s "$(pwd)/snyk-mac.sh" ./snyk
@@ -116,7 +116,7 @@ jobs:
       - name: Install Snyk with binary - Non-Windows
         if: ${{ matrix.snyk_install_method == 'binary' && matrix.os != 'windows' }}
         run: |
-          curl -Lo ./snyk-cli 'https://static.snyk.io/cli/latest/${{ matrix.snyk_cli_dl_file }}'
+          curl -Lo ./snyk-cli 'https://downloads.snyk.io/cli/latest/${{ matrix.snyk_cli_dl_file }}'
           chmod -R +x ./snyk-cli
           sudo mv ./snyk-cli /usr/local/bin/snyk
           snyk --version

CONTRIBUTING.md

@@ -1,6 +1,6 @@
 # Contributing
 
-> This guide is for internal Snyk contributors with write access to this repository. If you are an external contributor, before working on any contributions, please first [contact support](https://support.snyk.io) to discuss the issue or feature request with us.
+> This guide is for internal Snyk contributors with write access to this repository.
 
 ## Prerequisites
 

README.md

@@ -115,14 +115,16 @@ For detailed information about the CLI, see the [CLI docs](https://docs.snyk.io/
 
 [Submit a ticket](https://support.snyk.io/hc/en-us/requests/new) to Snyk support whenever you need help with the Snyk CLI or Snyk in general. Note that Snyk support does not actively monitor GitHub Issues on any [Snyk development project](https://github.com/snyk).
 
-## Contributing to the Snyk CLI
+## Security
 
-The Snyk CLI project is open-source, but Snyk does not encourage outside contributors.
+For any security issues or concerns, see the [SECURITY.md](https://github.com/snyk/snyk/blob/master/SECURITY.md) file in the GitHub repository.
 
-You may look into [design decisions for the Snyk CLI](https://github.com/snyk/snyk/blob/master/help/_about-this-project/README.md).
+## Snyk CLI is closed to contributions
 
-The Snyk CLI repository is a monorepo that also covers other projects and tools, such as [@snyk/protect](https://github.com/snyk/snyk/tree/master/packages/snyk-protect), also available at [npm package for snyk-protect command](https://www.npmjs.com/package/@snyk/protect).
+Effective July 22, 2024, Snyk CLI will no longer accept external contributions.
 
-## Security
+Due to the CLI's extensive usage and intricate nature, even minor modifications can have unforeseen consequences. Since introducing [release channels](https://snyk.io/blog/snyk-cli-semantic-versioning-and-release-channels/) to our code in April 2024, our focus has been on stabilizing releases. We believe this open-source, closed-contribution model best serves this goal.
 
-For any security issues or concerns, see the [SECURITY.md](https://github.com/snyk/snyk/blob/master/SECURITY.md) file in the GitHub repository.
+In the spirit of transparency to Snyk customers and CLI users, we will continue to working in public. However, going forward, we are closed to contributions.
+
+We appreciate and extend our gratitude to the Snyk community.

cliv2/cmd/cliv2/debug.go

@@ -12,50 +12,33 @@ import (
 
 	"github.com/snyk/go-application-framework/pkg/configuration"
 	"github.com/snyk/go-application-framework/pkg/logging"
-)
 
-func getDebugLevel(config configuration.Configuration, logger *zerolog.Logger) zerolog.Level {
-	loglevel := zerolog.DebugLevel
-	if loglevelString := config.GetString("snyk_log_level"); loglevelString != "" {
-		var err error
-		loglevel, err = zerolog.ParseLevel(loglevelString)
-		if err == nil {
-			logger.Log().Msgf("Setting log level to %s", loglevelString)
-		} else {
-			logger.Log().Msgf("%v", err)
-			loglevel = zerolog.DebugLevel
-		}
-	}
-	return loglevel
-}
+	debug_tools "github.com/snyk/cli/cliv2/internal/debug"
+)
 
 func initDebugLogger(config configuration.Configuration) *zerolog.Logger {
-	debug := config.GetBool(configuration.DEBUG)
-	if !debug {
-		return &noopLogger
-	} else {
-		var consoleWriter = zerolog.ConsoleWriter{
-			Out:        os.Stderr,
-			TimeFormat: time.RFC3339,
-			NoColor:    true,
-			PartsOrder: []string{
-				zerolog.TimestampFieldName,
-				"ext",
-				"separator",
-				zerolog.CallerFieldName,
-				zerolog.MessageFieldName,
-			},
-			FieldsExclude: []string{"ext", "separator"},
-			FormatTimestamp: func(i interface{}) string {
-				t, _ := time.Parse(time.RFC3339, i.(string))
-				return strings.ToUpper(t.UTC().Format(time.RFC3339))
-			},
-		}
-
-		scrubLogger := logging.NewScrubbingWriter(zerolog.MultiLevelWriter(consoleWriter), logging.GetScrubDictFromConfig(config))
-		localLogger := zerolog.New(scrubLogger).With().Str("ext", "main").Str("separator", "-").Timestamp().Logger()
-		loglevel := getDebugLevel(config, &localLogger)
-		debugLogger := localLogger.Level(loglevel)
-		return &debugLogger
+	var consoleWriter = zerolog.ConsoleWriter{
+		Out:        os.Stderr,
+		TimeFormat: time.RFC3339,
+		NoColor:    true,
+		PartsOrder: []string{
+			zerolog.TimestampFieldName,
+			"ext",
+			"separator",
+			zerolog.CallerFieldName,
+			zerolog.MessageFieldName,
+		},
+		FieldsExclude: []string{"ext", "separator"},
+		FormatTimestamp: func(i interface{}) string {
+			t, _ := time.Parse(time.RFC3339, i.(string))
+			return strings.ToUpper(t.UTC().Format(time.RFC3339))
+		},
 	}
+
+	scrubLogger := logging.NewScrubbingWriter(zerolog.MultiLevelWriter(consoleWriter), logging.GetScrubDictFromConfig(config))
+	localLogger := zerolog.New(scrubLogger).With().Str("ext", "main").Str("separator", "-").Timestamp().Logger()
+	loglevel := debug_tools.GetDebugLevel(config)
+	debugLogger := localLogger.Level(loglevel)
+	debugLogger.Log().Msgf("Using log level: %s", loglevel)
+	return &debugLogger
 }

cliv2/cmd/cliv2/logheader.go

@@ -80,6 +80,8 @@ func getFipsStatus(config configuration.Configuration) string {
 }
 
 func writeLogHeader(config configuration.Configuration, networkAccess networking.NetworkAccess) {
+	keys := []string{configuration.API_URL, configuration.AUTHENTICATION_TOKEN, configuration.AUTHENTICATION_BEARER_TOKEN, configuration.ORGANIZATION}
+
 	authorization, _, userAgent := logHeaderAuthorizationInfo(config, networkAccess)
 
 	org := config.GetString(configuration.ORGANIZATION)
@@ -116,4 +118,18 @@ func writeLogHeader(config configuration.Configuration, networkAccess networking
 	tablePrint("Features", "")
 	tablePrint("  preview", previewFeaturesEnabled)
 	tablePrint("  fips", fipsEnabled)
+	tablePrint("Checks", "")
+
+	checkCount := 0
+	for _, key := range keys {
+		keysSpecified := config.GetAllKeysThatContainValues(key)
+		if len(keysSpecified) > 1 {
+			checkCount++
+			tablePrint("  Configuration", fmt.Sprintf("Possible unexpected behavior, the following configuration values might override each other %s", strings.ToUpper(strings.Join(keysSpecified, ", "))))
+		}
+	}
+
+	if checkCount == 0 {
+		tablePrint("  Configuration", "all good")
+	}
 }

cliv2/cmd/cliv2/main.go

@@ -60,6 +60,7 @@ var interactionId = uuid.NewString()
 const (
 	unknownCommandMessage  string = "unknown command"
 	disable_analytics_flag string = "DISABLE_ANALYTICS"
+	debug_level_flag       string = "log-level"
 )
 
 type JsonErrorStruct struct {
@@ -90,6 +91,7 @@ func initApplicationConfiguration(config configuration.Configuration) {
 	config.AddAlternativeKeys(configuration.ANALYTICS_DISABLED, []string{strings.ToLower(constants.SNYK_ANALYTICS_DISABLED_ENV), "snyk_cfg_disable_analytics", "disable-analytics", "disable_analytics"})
 	config.AddAlternativeKeys(configuration.ORGANIZATION, []string{"snyk_cfg_org"})
 	config.AddAlternativeKeys(configuration.PREVIEW_FEATURES_ENABLED, []string{"snyk_preview"})
+	config.AddAlternativeKeys(configuration.LOG_LEVEL, []string{debug_level_flag})
 
 	// if the CONFIG_KEY_OAUTH_TOKEN is specified as env var, we don't apply any additional logic
 	_, ok := os.LookupEnv(auth.CONFIG_KEY_OAUTH_TOKEN)
@@ -311,6 +313,7 @@ func getGlobalFLags() *pflag.FlagSet {
 	globalFLags := workflow.FlagsetFromConfigurationOptions(globalConfigurationOptions)
 	globalFLags.Bool(basic_workflows.PROXY_NOAUTH, false, "")
 	globalFLags.Bool(disable_analytics_flag, false, "")
+	globalFLags.String(debug_level_flag, "debug", "")
 	return globalFLags
 }
 
@@ -558,7 +561,7 @@ func MainWithErrorCode() int {
 	displayError(err, globalEngine.GetUserInterface(), globalConfiguration)
 
 	exitCode := cliv2.DeriveExitCode(err)
-	globalLogger.Printf("Exiting with %d", exitCode)
+	globalLogger.Printf("Exiting with %d (cause: %v)", exitCode, err)
 
 	targetId, targetIdError := instrumentation.GetTargetId(globalConfiguration.GetString(configuration.INPUT_DIRECTORY), instrumentation.AutoDetectedTargetId, instrumentation.WithConfiguredRepository(globalConfiguration))
 	if targetIdError != nil {

cliv2/go.mod

@@ -9,16 +9,16 @@ require (
 	github.com/golang/mock v1.6.0
 	github.com/google/uuid v1.6.0
 	github.com/pkg/errors v0.9.1
-	github.com/rs/zerolog v1.32.0
+	github.com/rs/zerolog v1.33.0
 	github.com/snyk/cli-extension-dep-graph v0.0.0-20240426125928-8d56ac52821e
 	github.com/snyk/cli-extension-iac-rules v0.0.0-20240422133948-ae17a4306672
-	github.com/snyk/cli-extension-sbom v0.0.0-20240619142341-3b3fe79e862c
+	github.com/snyk/cli-extension-sbom v0.0.0-20240722082449-69a631da39ad
 	github.com/snyk/container-cli v0.0.0-20240322120441-6d9b9482f9b1
-	github.com/snyk/error-catalog-golang-public v0.0.0-20240605115201-8461850930e6
-	github.com/snyk/go-application-framework v0.0.0-20240627194757-cc0fb551c613
+	github.com/snyk/error-catalog-golang-public v0.0.0-20240809094525-c48d19c27edb
+	github.com/snyk/go-application-framework v0.0.0-20240809101931-3de5b6fbaf62
 	github.com/snyk/go-httpauth v0.0.0-20240307114523-1f5ea3f55c65
 	github.com/snyk/snyk-iac-capture v0.6.5
-	github.com/snyk/snyk-ls v0.0.0-20240628143418-3bfd57e618c2
+	github.com/snyk/snyk-ls v0.0.0-20240724110216-fff14d6d09e0
 	github.com/spf13/cobra v1.8.0
 	github.com/spf13/pflag v1.0.5
 	github.com/stretchr/testify v1.9.0
@@ -33,11 +33,11 @@ require (
 	github.com/Microsoft/go-winio v0.6.2 // indirect
 	github.com/OneOfOne/xxhash v1.2.8 // indirect
 	github.com/ProtonMail/go-crypto v1.0.0 // indirect
-	github.com/adrg/xdg v0.4.0 // indirect
+	github.com/adrg/strutil v0.3.1 // indirect
+	github.com/adrg/xdg v0.5.0 // indirect
 	github.com/agext/levenshtein v1.2.3 // indirect
 	github.com/agnivade/levenshtein v1.1.1 // indirect
 	github.com/alexbrainman/sspi v0.0.0-20231016080023-1a75b4708caa // indirect
-	github.com/amplitude/analytics-go v1.0.1 // indirect
 	github.com/apapsch/go-jsonmerge/v2 v2.0.0 // indirect
 	github.com/apparentlymart/go-cidr v1.1.0 // indirect
 	github.com/apparentlymart/go-textseg/v13 v13.0.0 // indirect
@@ -68,7 +68,7 @@ require (
 	github.com/fsnotify/fsnotify v1.7.0 // indirect
 	github.com/gertd/go-pluralize v0.2.1 // indirect
 	github.com/getkin/kin-openapi v0.124.0 // indirect
-	github.com/getsentry/sentry-go v0.27.0 // indirect
+	github.com/getsentry/sentry-go v0.28.1 // indirect
 	github.com/ghodss/yaml v1.0.0 // indirect
 	github.com/go-git/gcfg v1.5.1-0.20230307220236-3a3c6141e376 // indirect
 	github.com/go-git/go-billy/v5 v5.5.0 // indirect
@@ -81,7 +81,7 @@ require (
 	github.com/gobwas/glob v0.2.3 // indirect
 	github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect
 	github.com/golang/protobuf v1.5.4 // indirect
-	github.com/gomarkdown/markdown v0.0.0-20240419095408-642f0ee99ae2 // indirect
+	github.com/gomarkdown/markdown v0.0.0-20240626202925-2eda941fd024 // indirect
 	github.com/google/go-cmp v0.6.0 // indirect
 	github.com/google/go-querystring v1.1.0 // indirect
 	github.com/google/s2a-go v0.1.7 // indirect
@@ -114,7 +114,7 @@ require (
 	github.com/jmespath/go-jmespath v0.4.0 // indirect
 	github.com/josharian/intern v1.0.0 // indirect
 	github.com/kevinburke/ssh_config v1.2.0 // indirect
-	github.com/klauspost/compress v1.17.0 // indirect
+	github.com/klauspost/compress v1.17.7 // indirect
 	github.com/lucasb-eyer/go-colorful v1.2.0 // indirect
 	github.com/magiconair/properties v1.8.7 // indirect
 	github.com/mailru/easyjson v0.7.7 // indirect
@@ -135,6 +135,7 @@ require (
 	github.com/olekukonko/tablewriter v0.0.5 // indirect
 	github.com/open-policy-agent/opa v0.51.0 // indirect
 	github.com/opencontainers/go-digest v1.0.0 // indirect
+	github.com/otiai10/copy v1.14.0 // indirect
 	github.com/pact-foundation/pact-go/v2 v2.0.5 // indirect
 	github.com/pelletier/go-toml/v2 v2.2.2 // indirect
 	github.com/perimeterx/marshmallow v1.1.5 // indirect
@@ -144,14 +145,12 @@ require (
 	github.com/pkg/browser v0.0.0-20240102092130-5ac0b6a4141c // indirect
 	github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect
 	github.com/puzpuzpuz/xsync v1.5.2 // indirect
-	github.com/puzpuzpuz/xsync/v3 v3.1.0 // indirect
+	github.com/puzpuzpuz/xsync/v3 v3.3.1 // indirect
 	github.com/rcrowley/go-metrics v0.0.0-20201227073835-cf1acfcdf475 // indirect
 	github.com/rivo/uniseg v0.4.7 // indirect
 	github.com/sabhiram/go-gitignore v0.0.0-20210923224102-525f6e181f06 // indirect
 	github.com/sagikazarmark/locafero v0.4.0 // indirect
 	github.com/sagikazarmark/slog-shim v0.1.0 // indirect
-	github.com/segmentio/analytics-go v3.1.0+incompatible // indirect
-	github.com/segmentio/backo-go v1.1.0 // indirect
 	github.com/sergi/go-diff v1.3.2-0.20230802210424-5b0b94c5c0d3 // indirect
 	github.com/shirou/gopsutil v3.21.11+incompatible // indirect
 	github.com/skeema/knownhosts v1.2.2 // indirect
@@ -185,17 +184,17 @@ require (
 	go.opentelemetry.io/otel/metric v1.22.0 // indirect
 	go.opentelemetry.io/otel/trace v1.22.0 // indirect
 	go.uber.org/multierr v1.11.0 // indirect
-	golang.org/x/crypto v0.23.0 // indirect
-	golang.org/x/exp v0.0.0-20240506185415-9bf2ced13842 // indirect
-	golang.org/x/mod v0.17.0 // indirect
-	golang.org/x/net v0.25.0 // indirect
-	golang.org/x/oauth2 v0.20.0 // indirect
+	golang.org/x/crypto v0.25.0 // indirect
+	golang.org/x/exp v0.0.0-20240707233637-46b078467d37 // indirect
+	golang.org/x/mod v0.19.0 // indirect
+	golang.org/x/net v0.27.0 // indirect
+	golang.org/x/oauth2 v0.21.0 // indirect
 	golang.org/x/sync v0.7.0 // indirect
-	golang.org/x/sys v0.20.0 // indirect
-	golang.org/x/term v0.20.0 // indirect
-	golang.org/x/text v0.15.0 // indirect
+	golang.org/x/sys v0.22.0 // indirect
+	golang.org/x/term v0.22.0 // indirect
+	golang.org/x/text v0.16.0 // indirect
 	golang.org/x/time v0.5.0 // indirect
-	golang.org/x/tools v0.21.0 // indirect
+	golang.org/x/tools v0.23.0 // indirect
 	google.golang.org/api v0.160.0 // indirect
 	google.golang.org/genproto v0.0.0-20240227224415-6ceb2ff114de // indirect
 	google.golang.org/genproto/googleapis/api v0.0.0-20240227224415-6ceb2ff114de // indirect