feat: add --remote-repo-url flag

help/help.txt

@@ -57,6 +57,9 @@ Options:
                        Prune dependency trees, removing duplicate sub-dependencies.
                        Will still find all vulnerabilities, but potentially not all
                        of the vulnerable paths.
+  --remote-repo-url=<string>
+                       (monitor command only)
+                       Set or override the remote URL for the repository that you would like to monitor.
 
 Gradle options:
   --sub-project=<string> (alias: --gradle-sub-project)

src/cli/commands/monitor.ts

@@ -80,6 +80,10 @@ async function monitor(...args0: MethodArgs): Promise<any> {
     throw new Error('`--all-sub-projects` is currently not compatible with `--project-name`');
   }
 
+  if (options.docker && options['remote-repo-url']) {
+    throw new Error('`--remote-repo-url` is not supported for container scans');
+  }
+
   apiTokenExists();
 
   if (options['experimental-dep-graph']) {
@@ -148,6 +152,7 @@ async function monitor(...args0: MethodArgs): Promise<any> {
         'isDocker': !!options.docker,
         'prune': !!options['prune-repeated-subdependencies'],
         'experimental-dep-graph': !!options['experimental-dep-graph'],
+        'remote-repo-url': options['remote-repo-url'],
     };
 
       // We send results from "all-sub-projects" scanning as different Monitor objects

src/lib/monitor.ts

@@ -15,6 +15,7 @@ import {MonitorError, ConnectionTimeoutError} from './errors';
 import { countPathsToGraphRoot, pruneGraph } from './prune';
 import { GRAPH_SUPPORTED_PACKAGE_MANAGERS } from './package-managers';
 import { legacyPlugin as pluginApi } from '@snyk/cli-interface';
+import { GitTarget } from './project-metadata/types';
 
 const debug = Debug('snyk');
 
@@ -160,7 +161,7 @@ export async function monitor(
   }
   policy = await snyk.policy.load(policyLocations, {loose: true});
 
-  const target = await projectMetadata.getInfo(pkg);
+  const target = await getTarget(pkg, meta);
   const targetFileRelativePath = targetFile ? path.relative(root, targetFile) : '';
 
   if (target && target.branch) {
@@ -258,7 +259,7 @@ export async function monitorGraph(
   }
   policy = await snyk.policy.load(policyLocations, {loose: true});
 
-  const target = await projectMetadata.getInfo(pkg);
+  const target = await getTarget(pkg, meta);
   const targetFileRelativePath = targetFile ? path.relative(root, targetFile) : '';
 
   if (target && target.branch) {
@@ -351,3 +352,13 @@ function pluckPolicies(pkg) {
     return pluckPolicies(pkg.dependencies[name]);
   }).filter(Boolean));
 }
+
+async function getTarget(pkg: DepTree, meta: MonitorMeta): Promise<GitTarget | null> {
+  const target = await projectMetadata.getInfo(pkg);
+
+  // Override the remoteUrl if the --remote-repo-url flag was set
+  if (meta['remote-repo-url']) {
+    return { ...target, remoteUrl: meta['remote-repo-url'] };
+  }
+  return target;
+}

src/lib/project-metadata/types.ts

@@ -1,4 +1,4 @@
 export interface GitTarget {
   remoteUrl: string;
-  branch: string;
+  branch?: string;
 }

src/lib/types.ts

@@ -79,6 +79,7 @@ export interface MonitorMeta {
   isDocker: boolean;
   prune: boolean;
   'experimental-dep-graph'?: boolean;
+  'remote-repo-url'?: string;
 }
 
 export interface MonitorResult {

test/acceptance/cli.acceptance.test.ts

@@ -2485,6 +2485,15 @@ test('`monitor npm-package with custom --project-name`', async (t) => {
   t.equal(req.body.meta.projectName, 'custom-project-name');
 });
 
+test('`monitor npm-package with custom --remote-repo-url`', async (t) => {
+  chdirWorkspaces();
+  await cli.monitor('npm-package', {
+    'remote-repo-url': 'a-fake-remote',
+  });
+  const req = server.popRequest();
+  t.equal(req.body.target.remoteUrl, 'a-fake-remote');
+});
+
 test('`monitor npm-package with dev dep flag`', async (t) => {
   chdirWorkspaces();
   await cli.monitor('npm-package', { dev: true });