.circleci/config.yml

@@ -277,6 +277,20 @@ jobs:
             - dist/
             - packages/*/dist
             - pysrc
+  version:
+    executor: docker-node
+    steps:
+      - checkout
+      - attach_workspace:
+          at: .
+      - setup_npm
+      - run:
+          name: Deciding version
+          command: make binary-releases/version
+      - persist_to_workspace:
+          root: .
+          paths:
+            - binary-releases/version
   regression-test:
     parameters:
       test_snyk_command:
@@ -764,19 +778,24 @@ workflows:
           context: nodejs-install
           requires:
             - Build
-      - build-artifacts:
-          name: Build Artifacts
-          context:
-            - snyk-cli-pgp-signing
+      - version:
+          name: Version
           requires:
-            - Build
+            - Install
           filters:
             branches:
               only:
                 - /^chore\/.+$/
                 - /^.*test.*$/
                 - /^.*v2.*$/
                 - master
+      - build-artifacts:
+          name: Build Artifacts
+          context:
+            - snyk-cli-pgp-signing
+          requires:
+            - Build
+            - Version
       - test-windows:
           name: Acceptance Tests (snyk-win.exe)
           context: nodejs-install

Makefile

@@ -0,0 +1,20 @@
+#!make
+#
+# This Makefile is only for building release artifacts. Use `npm run` for CLIv1 scripts.
+#
+# Documentation: https://www.gnu.org/software/make/manual/make.html
+#
+
+# First target is default when running `make`.
+.PHONY: help
+help:
+	@echo 'Usage: make <target>'
+	@echo
+	@echo 'This Makefile is currently only for building release artifacts.'
+	@echo 'Use `npm run` for CLIv1 scripts.'
+
+binary-releases:
+	mkdir binary-releases
+
+binary-releases/version: | binary-releases
+	./release-scripts/next-version.sh > binary-releases/version

release-scripts/make-binaries.sh

@@ -1,7 +1,7 @@
 #!/usr/bin/env bash
 set -euo pipefail
 
-mkdir binary-releases
+# Do not run this file locally. To build release artifacts, see CONTRIBUTING.
 
 mv "$(npm pack --workspace '@snyk/fix')" binary-releases/snyk-fix.tgz
 mv "$(npm pack --workspace '@snyk/protect')" binary-releases/snyk-protect.tgz
@@ -48,8 +48,7 @@ gpg --clear-sign --local-user=1F4B9569 --passphrase="$SNYK_CODE_SIGNING_GPG_PASS
 cat sha256sums.txt.asc
 popd
 
-BUILD_VERSION="$(jq -r '.version' package.json)"
-echo "${BUILD_VERSION}" > binary-releases/version
+BUILD_VERSION="$(cat binary-releases/version)"
 
 cp ./release-scripts/release.json binary-releases/release.json
 if [[ $(uname -s) == "Darwin" ]];then

release-scripts/next-version.sh

@@ -0,0 +1,16 @@
+#!/usr/bin/env bash
+set -euo pipefail
+# Checks the latest version of Snyk CLI on npm and decides the next version.
+# Only output the next version to stdout. All other output should go to stderr.
+
+CURRENT_VERSION="$(npm view snyk version)"
+RELEASE_BRANCH="master"
+if [ "${CIRCLE_BRANCH:-}" == "${RELEASE_BRANCH}" ]; then
+    NEXT_VERSION="$(npx semver "${CURRENT_VERSION}" -i minor)"
+else
+    NEXT_VERSION="${CURRENT_VERSION}-dev.$(git rev-parse HEAD)"
+fi
+echo "Current version: ${CURRENT_VERSION}" 1>&2
+echo "Next version:    ${NEXT_VERSION}" 1>&2
+
+echo "${NEXT_VERSION}"

release-scripts/prepare-packages-for-release.sh

@@ -1,15 +1,6 @@
 #!/usr/bin/env bash
 set -euo pipefail
 
-CURRENT_VERSION="$(npm view snyk version)"
-RELEASE_BRANCH="master"
-if [ "${CIRCLE_BRANCH}" == "${RELEASE_BRANCH}" ]; then
-  NEXT_VERSION="$(npx semver "${CURRENT_VERSION}" -i minor)"
-else
-  NEXT_VERSION="${CURRENT_VERSION}-dev.$(git rev-parse HEAD)"
-fi
-echo "Current version: ${CURRENT_VERSION}"
-echo "Next version: ${NEXT_VERSION}"
-
-npm version "${NEXT_VERSION}" --no-git-tag-version --workspaces --include-workspace-root
+BUILD_VERSION="$(cat binary-releases/version)"
+npm version "${BUILD_VERSION}" --no-git-tag-version --workspaces --include-workspace-root
 npx ts-node ./release-scripts/prune-dependencies-in-packagejson.ts

src/cli/commands/test/iac/index.ts

@@ -32,7 +32,6 @@ import {
   getIacDisplayErrorFileOutput,
   iacTestTitle,
   shouldLogUserMessages,
-  spinnerFailureMessage,
   spinnerMessage,
   spinnerSuccessMessage,
 } from '../../../../lib/formatters/iac-output';
@@ -86,7 +85,8 @@ export default async function(
   let iacIgnoredIssuesCount = 0;
   let iacOutputMeta: IacOutputMeta | undefined;
 
-  const isNewIacOutputSupported = await hasFeatureFlag('iacCliOutput', options);
+  const isNewIacOutputSupported =
+    config.IAC_OUTPUT_V2 || (await hasFeatureFlag('iacCliOutput', options));
 
   if (shouldLogUserMessages(options, isNewIacOutputSupported)) {
     console.log(EOL + iacTestTitle + EOL);
@@ -102,10 +102,10 @@ export default async function(
   }
 
   try {
-    testSpinner?.start(spinnerMessage);
-
     const rulesOrigin = await initRules(iacOrgSettings, options);
 
+    testSpinner?.start(spinnerMessage);
+
     for (const path of paths) {
       // Create a copy of the options so a specific test can
       // modify them i.e. add `options.file` etc. We'll need
@@ -197,7 +197,7 @@ export default async function(
   if (isPartialSuccess) {
     testSpinner?.succeed(spinnerSuccessMessage);
   } else {
-    testSpinner?.fail(spinnerFailureMessage + EOL);
+    testSpinner?.stop();
   }
 
   // resultOptions is now an array of 1 or more options used for

src/cli/commands/test/iac/local-execution/rules.ts

@@ -7,8 +7,8 @@ import {
   OCIRegistryURLComponents,
   RulesOrigin,
 } from './types';
+import { EOL } from 'os';
 import { UnsupportedEntitlementFlagError } from './assert-iac-options-flag';
-import chalk from 'chalk';
 import {
   extractOCIRegistryURLComponents,
   FailedToBuildOCIArtifactError,
@@ -21,6 +21,10 @@ import { config as userConfig } from '../../../../../lib/user-config';
 import { isValidUrl } from './url-utils';
 import { CustomError } from '../../../../../lib/errors';
 import { getErrorStringCode } from './error-utils';
+import {
+  customRulesMessage,
+  customRulesReportMessage,
+} from '../../../../../lib/formatters/iac-output';
 
 export async function initRules(
   iacOrgSettings: IacOrgSettings,
@@ -46,14 +50,13 @@ export async function initRules(
     (isOCIRegistryURLProvided || customRulesPath) &&
     !(options.sarif || options.json)
   ) {
-    let userMessage = 'Using custom rules to generate misconfigurations.';
+    let userMessage = `${customRulesMessage}${EOL}`;
 
     if (options.report) {
-      userMessage +=
-        "\nPlease note that your custom rules will not be sent to the Snyk platform, and will not be available on the project's page.";
+      userMessage += `${customRulesReportMessage}${EOL}`;
     }
 
-    console.log(chalk.hex('#ff9b00')(userMessage));
+    console.log(userMessage);
   }
 
   if (isOCIRegistryURLProvided && customRulesPath) {

src/lib/config.ts

@@ -1,5 +1,4 @@
 import * as snykConfig from 'snyk-config';
-import { InvalidEndpointConfigError } from './errors/invalid-endpoint-config-error';
 import { config as userConfig } from './user-config';
 import * as url from 'url';
 
@@ -24,6 +23,7 @@ interface Config {
   DRIFTCTL_PATH?: string;
   DRIFTCTL_URL?: string;
   IAC_BUNDLE_PATH?: string;
+  IAC_OUTPUT_V2?: boolean;
 }
 
 // TODO: fix the types!
@@ -37,7 +37,9 @@ if (endpoint && endpoint !== config.API) {
   const parsedEndpoint = url.parse(endpoint);
   // Endpoint option must be a valid URL including protocol
   if (!parsedEndpoint || !parsedEndpoint.protocol || !parsedEndpoint.host) {
-    throw new InvalidEndpointConfigError();
+    console.warn(
+      "Invalid 'endpoint' config option. Endpoint must be a full and valid URL including protocol and for Snyk.io it should contain path to '/api'",
+    );
   }
   console.warn(
     'Using a custom API endpoint from `snyk config` (tip: it should contain path to `/api`):',

src/lib/formatters/iac-output/index.ts

@@ -13,7 +13,8 @@ export {
   iacTestTitle,
   spinnerMessage,
   spinnerSuccessMessage,
-  spinnerFailureMessage,
+  customRulesMessage,
+  customRulesReportMessage,
   shouldLogUserMessages,
   formatShareResultsOutput,
   failuresTipOutput,

src/lib/formatters/iac-output/v2/failures/list.ts

@@ -1,12 +1,12 @@
 import { EOL } from 'os';
 
 import { IacFileInDirectory } from '../../../../types';
-import { colors } from '../color-utils';
+import { colors, contentPadding } from '../utils';
 
 export function formatIacTestFailures(testFailures: IacFileInDirectory[]) {
   const sectionComponents: string[] = [];
 
-  const titleOutput = colors.info.bold(`Test Failures`);
+  const titleOutput = colors.title(`Test Failures`);
   sectionComponents.push(titleOutput);
 
   const testFailuresListOutput = formatFailuresList(testFailures);
@@ -49,10 +49,11 @@ function formatFailure(
   failureReason: string,
   testFailures: IacFileInDirectory[],
 ): string {
-  const pathPrefix = 'Path: ';
+  const pathPrefix = contentPadding + 'Path: ';
   const pathLeftPadding = ' '.repeat(pathPrefix.length);
 
   return (
+    contentPadding +
     colors.failure.bold(failureReason) +
     EOL +
     pathPrefix +

src/lib/formatters/iac-output/v2/failures/tip.ts

@@ -1,7 +1,7 @@
 import { EOL } from 'os';
 import { contactSupportMessage, reTryMessage } from '../../../../common';
-import { colors } from '../color-utils';
+import { colors } from '../utils';
 
-export const failuresTipOutput = colors.failure.bold(
+export const failuresTipOutput = colors.info.bold(
   reTryMessage + EOL + contactSupportMessage,
 );

src/lib/formatters/iac-output/v2/index.ts

@@ -4,8 +4,9 @@ export {
   iacTestTitle,
   spinnerMessage,
   spinnerSuccessMessage,
-  spinnerFailureMessage,
   shouldLogUserMessages,
+  customRulesMessage,
+  customRulesReportMessage,
 } from './user-messages';
 export { formatShareResultsOutput } from './share-results';
 export { formatIacTestFailures, failuresTipOutput } from './failures';

src/lib/formatters/iac-output/v2/issues-list/index.ts

@@ -4,7 +4,7 @@ import * as isEmpty from 'lodash.isempty';
 import * as debug from 'debug';
 
 import { IacOutputMeta } from '../../../../types';
-import { colors } from '../color-utils';
+import { colors, contentPadding } from '../utils';
 import { formatScanResultsNewOutput } from './formatters';
 import { formatIssue } from './issue';
 import { SEVERITY } from '../../../../snyk-test/common';
@@ -23,7 +23,7 @@ export function getIacDisplayedIssues(
     return (
       titleOutput +
       EOL +
-      ' '.repeat(2) +
+      contentPadding +
       colors.success.bold('No vulnerable paths were found!')
     );
   }
@@ -34,7 +34,7 @@ export function getIacDisplayedIssues(
       const severityResults: FormattedOutputResult[] =
         formattedResults.results[severity];
 
-      const titleOutput = colors.severities[severity](
+      const titleOutput = colors.title(
         `${capitalize(severity)} Severity Issues: ${severityResults.length}`,
       );
 

src/lib/formatters/iac-output/v2/issues-list/issue.ts

@@ -4,7 +4,7 @@ import { EOL } from 'os';
 import { iacRemediationTypes } from '../../../../iac/constants';
 
 import { printPath } from '../../../remediation-based-format-issues';
-import { colors } from '../color-utils';
+import { colors, contentPadding } from '../utils';
 import { FormattedOutputResult } from './types';
 import { AnnotatedIacIssue } from '../../../../snyk-test/iac-test-result';
 
@@ -13,7 +13,13 @@ export function formatIssue(result: FormattedOutputResult): string {
 
   const propertiesOutput = formatProperties(result);
 
-  return titleOutput + EOL + propertiesOutput;
+  return (
+    contentPadding +
+    titleOutput +
+    EOL +
+    contentPadding +
+    propertiesOutput.join(EOL + contentPadding)
+  );
 }
 
 function formatTitle(issue: AnnotatedIacIssue): string {
@@ -25,7 +31,7 @@ function formatTitle(issue: AnnotatedIacIssue): string {
   return titleOutput;
 }
 
-function formatProperties(result: FormattedOutputResult): string {
+function formatProperties(result: FormattedOutputResult): string[] {
   const remediationKey = iacRemediationTypes?.[result.projectType];
 
   const properties = [
@@ -55,10 +61,8 @@ function formatProperties(result: FormattedOutputResult): string {
     ...properties.map(([key]) => key.length),
   );
 
-  return properties
-    .map(
-      ([key, value]) =>
-        `${key}: ${' '.repeat(maxPropertyNameLength - key.length)}${value}`,
-    )
-    .join(EOL);
+  return properties.map(
+    ([key, value]) =>
+      `${key}: ${' '.repeat(maxPropertyNameLength - key.length)}${value}`,
+  );
 }

src/lib/formatters/iac-output/v2/share-results.ts

@@ -1,6 +1,6 @@
 import { IacOutputMeta } from '../../../types';
 import { shareResultsOutput } from '../v1';
-import { colors } from './color-utils';
+import { colors } from './utils';
 
 export function formatShareResultsOutput(outputMeta: IacOutputMeta) {
   return colors.info.bold(shareResultsOutput(outputMeta));

src/lib/formatters/iac-output/v2/test-summary.ts

@@ -3,7 +3,7 @@ import { rightPadWithSpaces } from '../../../right-pad';
 import { SEVERITY } from '../../../snyk-test/common';
 import { icon } from '../../../theme';
 import { IacOutputMeta } from '../../../types';
-import { colors } from './color-utils';
+import { colors } from './utils';
 import { IacTestData } from './types';
 
 const PAD_LENGTH = 19; // chars to align