Merge pull request #5415 from snyk/fix/UNIFY-235-container-dep-graphs…

…-streams fix: print all detected dep-graphs of a container image
snyk · Aug 15, 2024 · 2c934a6 · 2c934a6
2 parents 589ac68 + ea43977
commit 2c934a6
Show file tree

Hide file tree

Showing 4 changed files with 94 additions and 32 deletions.
diff --git a/src/lib/snyk-test/assemble-payloads.ts b/src/lib/snyk-test/assemble-payloads.ts
@@ -7,11 +7,7 @@ import { getPlugin } from '../ecosystems';
 import { Ecosystem, ContainerTarget, ScanResult } from '../ecosystems/types';
 import { Options, PolicyOptions, TestOptions } from '../types';
 import { Payload } from './types';
-import {
-  assembleQueryString,
-  printDepGraph,
-  shouldPrintDepGraph,
-} from './common';
+import { assembleQueryString } from './common';
 import { spinner } from '../spinner';
 import { findAndLoadPolicyForScanResult } from '../ecosystems/policy';
 import { getAuthHeader } from '../../lib/api-token';
@@ -58,22 +54,6 @@ export async function assembleEcosystemPayloads(
       scanResult.name =
         options['project-name'] || config.PROJECT_NAME || scanResult.name;
 
-      if (shouldPrintDepGraph(options)) {
-        spinner.clear<void>(spinnerLbl)();
-
-        // not every scanResult has a 'depGraph' fact, for example the JAR
-        // fingerprints. I don't think we have another option than to skip
-        // those.
-        const dg = scanResult.facts.find((dg) => dg.type === 'depGraph');
-        if (dg) {
-          await printDepGraph(
-            dg.data.toJSON(),
-            constructProjectName(scanResult),
-            process.stdout,
-          );
-        }
-      }
-
       payloads.push({
         method: 'POST',
         url: `${config.API}${options.testDepGraphDockerEndpoint ||
@@ -108,7 +88,7 @@ export async function assembleEcosystemPayloads(
 // constructProjectName attempts to construct the project name the same way that
 // registry does. This is a bit difficult because in Registry, the code is
 // distributed over multiple functions and files that need to be kept in sync...
-function constructProjectName(sr: ScanResult): string {
+export function constructProjectName(sr: ScanResult): string {
   let suffix = '';
   if (sr.identity.targetFile) {
     suffix = ':' + sr.identity.targetFile;

diff --git a/src/lib/snyk-test/run-test.ts b/src/lib/snyk-test/run-test.ts
@@ -72,7 +72,10 @@ import {
 import { getAuthHeader } from '../api-token';
 import { getEcosystem } from '../ecosystems';
 import { Issue } from '../ecosystems/types';
-import { assembleEcosystemPayloads } from './assemble-payloads';
+import {
+  assembleEcosystemPayloads,
+  constructProjectName,
+} from './assemble-payloads';
 import { makeRequest } from '../request';
 import { spinner } from '../spinner';
 import { hasUnknownVersions } from '../dep-graph';
@@ -235,6 +238,8 @@ async function sendAndParseResults(
   options: Options & TestOptions,
 ): Promise<TestResult[]> {
   const results: TestResult[] = [];
+  const ecosystem = getEcosystem(options);
+  const depGraphs = new Map<string, depGraphLib.DepGraphData>();
 
   await spinner.clear<void>(spinnerLbl)();
   if (!options.quiet) {
@@ -303,12 +308,16 @@ async function sendAndParseResults(
       options,
     );
 
-    const ecosystem = getEcosystem(options);
     if (ecosystem && options['print-deps']) {
       await spinner.clear<void>(spinnerLbl)();
       await maybePrintDepGraph(options, depGraph);
     }
 
+    if (ecosystem && depGraph) {
+      const targetName = scanResult ? constructProjectName(scanResult) : '';
+      depGraphs.set(targetName, depGraph.toJSON());
+    }
+
     const legacyRes = convertIssuesToAffectedPkgs(response);
 
     const result = await parseRes(
@@ -333,6 +342,15 @@ async function sendAndParseResults(
       hasUnknownVersions,
     });
   }
+
+  if (ecosystem && shouldPrintDepGraph(options)) {
+    await spinner.clear<void>(spinnerLbl)();
+    for (const [targetName, depGraph] of depGraphs.entries()) {
+      await printDepGraph(depGraph, targetName, process.stdout);
+    }
+    return [];
+  }
+
   return results;
 }
 
@@ -346,7 +364,10 @@ export async function runTest(
   try {
     const payloads = await assemblePayloads(root, options, featureFlags);
 
-    if (shouldPrintDepGraph(options)) {
+    // At this point managed ecosystems have dependency graphs printed.
+    // Containers however require another roundtrip to get all the
+    // dependency graph artifacts for printing.
+    if (!options.docker && shouldPrintDepGraph(options)) {
       const results: TestResult[] = [];
       return results;
     }