.github/CODEOWNERS

@@ -69,6 +69,7 @@ src/cli/commands/log4shell-hashes.ts @snyk/tundra
 src/cli/commands/log4shell.ts @snyk/tundra
 test/fixtures/unmanaged-log4j-fixture @snyk/tundra
 test/jest/acceptance/snyk-log4shell/log4shell-detection.spec.ts @snyk/tundra
+test/jest/acceptance/snyk-test/app-vuln-container-project.spec.ts @snyk/mycelium
 /.github @snyk/hammer
 
 # tap tests ownership

CONTRIBUTING.md

@@ -117,6 +117,14 @@ Use [fake-server](./test/acceptance/fake-server.ts) to mock any Snyk API calls.
 
 Place fixtures in `./test/fixtures`. Keep them minimal to reduce maintenance. Use [`createProject`](./test/jest/util/createProject.ts) to use your fixtures in isolated working directories for your tests.
 
+### Smoke Tests
+
+Smoke tests typically don't run on branches unless the branch is specifically prefixed with `smoke/`. They usually run on an hourly basis against the latest published version of the CLI.
+
+If you merge a PR that changes smoke tests, remember that the tests will fail until your changes are deployed.
+
+See [the smoke tests readme](./test/smoke/README.md) for more info
+
 ## Code ownership
 
 For current ownership assignments, see: [CODEOWNERS](./.github/CODEOWNERS).

help/cli-commands/monitor.md

@@ -180,10 +180,14 @@ Auto-detect maven jars, aars, and wars in given directory. To monitor individual
 
 ### `--reachable`
 
+WARNING: Will be removed on 15 August 2022
+
 Analyze your source code to find which vulnerable functions and packages are called. Cannot be used with `--all-projects`
 
 ### `--reachable-timeout=<TIMEOUT>`
 
+WARNING: Will be removed on 15 August 2022
+
 Specify the amount of time (in seconds) to wait for Snyk to gather reachability data. If it takes longer than `<TIMEOUT>`, reachable vulnerabilities are not reported. This does not affect regular test or monitor output.
 
 Default: 300 (5 minutes).

help/cli-commands/test.md

@@ -185,10 +185,14 @@ Auto-detect maven jars, aars, and wars in given directory. To test individually
 
 ### `--reachable`
 
+WARNING: Will be removed on 15 August 2022
+
 Analyze your source code to find which vulnerable functions and packages are called. Cannot be used with `--all-projects`
 
 ### `--reachable-timeout=<TIMEOUT>`
 
+WARNING: Will be removed on 15 August 2022
+
 Specify the amount of time (in seconds) to wait for Snyk to gather reachability data. If it takes longer than `<TIMEOUT>`, reachable vulnerabilities are not reported. This does not affect regular test or monitor output.
 
 Default: 300 (5 minutes).

src/lib/formatters/test/format-test-results.ts

@@ -102,7 +102,7 @@ export function extractDataToSendFromResults(
   let jsonData = jsonResults.length === 1 ? jsonResults[0] : jsonResults;
 
   // for container projects, we want the app vulns data to be a part of the result object
-  if (options.docker && jsonResults.length > 1) {
+  if (options.docker && jsonResults.length > 1 && !options.experimental) {
     const appVulnsData = jsonData.splice(1);
     jsonData = jsonData[0];
     if (jsonData.vulnerabilities.length === 0) {

src/lib/iac/drift/driftctl.ts

@@ -35,29 +35,29 @@ export const DCTL_EXIT_CODES = {
   EXIT_ERROR: 2,
 };
 
-export const driftctlVersion = 'v0.35.0';
+export const driftctlVersion = 'v0.35.2';
 
 const driftctlChecksums = {
-  'driftctl_windows_386.exe':
-    '5e6978e30c9c35cd4ea2c852d90f3177efe4a537281dea47c0f6db367d080dca',
   driftctl_darwin_amd64:
-    'b5acbe50972552b34cbf56c33a412404459ee5f8d9e49a802015c505891d7685',
-  driftctl_linux_386:
-    '2a18e693d3dd89cb9f6e7e50697b873332444df19dbaf662a0ce0a7764a258e9',
-  driftctl_linux_amd64:
-    '03d5bcbca0f9afcbcbe170a9687755531e6bb4efab512b5051e0eca326a998ea',
-  driftctl_linux_arm64:
-    '86454fc4b6bbc58c3ddfcff585032789376fb6304f7a0dfdb6d9093ff5d1aecd',
-  'driftctl_windows_arm64.exe':
-    '1077249c2f1bf0a50ca7a16c9a412a06b4760360ac5a0c4cdbb776267966b47e',
+    '1e21863bb99d104da8a1e33999563cc172ca51bb5b6ac7d3a4bd9678e0285067',
+  'driftctl_windows_386.exe':
+    '20dc49a4faebfdbdf9f9198499ba2426ea6cda0666e82d81cd4e08a41516d5e0',
   driftctl_darwin_arm64:
-    'fb3ff9d4dd5645b90cbb895ec130decb35b1b6551e85680f2bf65a020cbeb489',
+    '37b7a4c72f4db62b056f1b534eb93fbb8dd32c303719ed4af87d9bd4d903fcf6',
+  driftctl_linux_arm64:
+    '3e6dabf013e097be1aac0e6e0f4ebcc3ada85a1906c6841d57fbe96c9ee9857e',
   'driftctl_windows_arm.exe':
-    '5f2d648033c911fba11e75da59307997d9d4c00ad7c897e8bfe6deec77bc7761',
-  driftctl_linux_arm:
-    'd471a53365e7f91c15e8d7c0f8272e35054803c0ac7f47fbb68647a5833b6aa0',
+    '480c330fefdc6e1d58de943817556a1cd183d32d58b6cb20c8127cd3b8753dc4',
+  driftctl_linux_amd64:
+    '80b7b99c343e1502f54321987c9f00fa3c381fbea819b1e440a0377b18706fb1',
   'driftctl_windows_amd64.exe':
-    'c15ee6ce7a5706cf3d9f0a8dc313156395e79fb1da6032c686facc7306e02faf',
+    'bbc71047bd75e1bcd80752b7c03c27c0d8d7d93bec72a70eb8bc8220687805de',
+  'driftctl_windows_arm64.exe':
+    'be1a5564ec3351503caa16121d192ad8d8e8f287a5324939214b20177c7363e4',
+  driftctl_linux_arm:
+    'd04c911bdb86092743077bfbb025bfb8391978236bb381122594aeaa77f9a68f',
+  driftctl_linux_386:
+    'e720c2f3c25594c7b83ffb2123c461283589b6ee73b9a59c1c4f48bb2bac2775',
 };
 
 const dctlBaseUrl = 'https://static.snyk.io/cli/driftctl/';

src/lib/iac/test/v2/setup/local-cache/policy-engine/constants/index.ts

@@ -3,7 +3,7 @@ import { formatPolicyEngineFileName, getChecksum } from './utils';
 /**
  * The Policy Engine release version associated with this Snyk CLI version.
  */
-export const policyEngineReleaseVersion = '0.4.2';
+export const policyEngineReleaseVersion = '0.7.4';
 
 /**
  * The Policy Engine executable's file name.

src/lib/iac/test/v2/setup/local-cache/policy-engine/constants/utils.ts

@@ -19,12 +19,12 @@ export function formatPolicyEngineFileName(releaseVersion: string) {
 }
 
 // this const is not placed in `index.ts` to avoid circular dependencies
-const policyEngineChecksums = `17c96fae83c7b7bd287999c3272303045a38051686ac60880c1b3e484773c10d  snyk-iac-test_0.4.2_Linux_x86_64
-1afa95542cfd7c32120b724886fa50d90fc10e186ed10a9cb96242d2dbcb9ace  snyk-iac-test_0.4.2_Windows_x86_64.exe
-1f34e0a099ec4af17b20d7a28f981a0b85902d5f13b315709a66614969d917f0  snyk-iac-test_0.4.2_Linux_arm64
-2340fefd5d389c2d91859aa0251d3dbfa738a1c5de02f6787029f37841c50421  snyk-iac-test_0.4.2_Darwin_arm64
-ec28b5cccd1d9066a5b341c979e465e2a6691339cb1fcc7d5ce3dece0e9fb8f9  snyk-iac-test_0.4.2_Windows_arm64.exe
-f3e54c7e105761851d2de578a6d39a8510af31ed4fbd91cf57162d7b4601f364  snyk-iac-test_0.4.2_Darwin_x86_64
+const policyEngineChecksums = `149794ee99d273cd461eb51dd0df6cac2d3b0eddc6f2c612af669bd1aa1b5ada  snyk-iac-test_0.7.4_Darwin_x86_64
+3263270469e144061e86caedea33c5df2917b036be0f78727880c802e1e5dbaa  snyk-iac-test_0.7.4_Windows_arm64.exe
+61fb24c4f70e0d6039d563d72bbaee3e7cb998b6f1486ad97fd43fddfeedcb42  snyk-iac-test_0.7.4_Darwin_arm64
+a466c326389c6f7e004b24ad2f5761e28b739832a48c9efcbf812a639280481b  snyk-iac-test_0.7.4_Windows_x86_64.exe
+f36a16eaf98bb4681c8dc60ae7301d56c6bd8b3595de0fe2baf2561a3cd3071a  snyk-iac-test_0.7.4_Linux_arm64
+fc0cdeb5c358c21a163e00c117cf6ae526d289fb04523e7e0ee91f2da7c52e66  snyk-iac-test_0.7.4_Linux_x86_64
 `;
 
 export function getChecksum(policyEngineFileName: string): string {

src/lib/options-validator.ts

@@ -10,6 +10,16 @@ export async function validateOptions(
   options: (Options & TestOptions) | (Options & MonitorOptions),
   packageManager?: SupportedPackageManagers,
 ): Promise<void> {
+  if (options.reachableVulns) {
+    alerts.registerAlerts([
+      {
+        type: 'warning',
+        name: 'reachable deprecation',
+        msg: reachableVulns.reachableVulnsRemovalMessage,
+      },
+    ]);
+  }
+
   if (options.reachableVulns) {
     // Throwing error only in case when both packageManager and allProjects not defined
     if (!packageManager && !isMultiProjectScan(options)) {

src/lib/reachable-vulns.ts

@@ -13,6 +13,7 @@ import {
 } from './errors';
 import { MonitorOptions, Options, TestOptions } from './types';
 import { isMultiProjectScan } from './is-multi-project-scan';
+import * as theme from './theme';
 
 const featureFlag = 'reachableVulns';
 
@@ -65,3 +66,7 @@ export async function validatePayload(
   }
   return true;
 }
+
+export const reachableVulnsRemovalMessage = theme.color.status.warn(
+  `${theme.icon.WARNING} Starting on 15 August 2022, the reachable (--reachable) flag will no longer be supported and will have no effect. We are currently developing new and improved capabilities for prioritizing vulnerabilities. Please follow https://updates.snyk.io for news and updates. We are sorry for the temporary inconvenience.\n`,
+);

test/jest/acceptance/snyk-test/app-vuln-container-project.spec.ts

@@ -18,12 +18,10 @@ describe('container test projects behavior with --app-vulns, --file and --exclud
     );
     const jsonOutput = JSON.parse(stdout);
 
-    expect(jsonOutput.ok).toEqual(false);
-    expect(jsonOutput.uniqueCount).toBeGreaterThan(0);
-    const applications = jsonOutput.applications;
-    expect(applications.length).toEqual(1);
-    expect(applications[0].uniqueCount).toBeGreaterThan(0);
-    expect(applications[0].ok).toEqual(false);
+    expect(jsonOutput[0].ok).toEqual(false);
+    expect(jsonOutput[0].uniqueCount).toBeGreaterThan(0);
+    expect(jsonOutput[1].ok).toEqual(false);
+    expect(jsonOutput[1].uniqueCount).toBeGreaterThan(0);
     expect(code).toEqual(1);
   }, 10000);
   it('should find all vulns when using --app-vulns without experimental flag', async () => {
@@ -113,7 +111,8 @@ describe('container test projects behavior with --app-vulns, --json flags', () =
     );
 
     const jsonOutput = JSON.parse(stdout);
-    expect(jsonOutput.applications).toHaveLength(1);
+    expect(Array.isArray(jsonOutput)).toBeTruthy();
+    expect(jsonOutput).toHaveLength(2);
     expect(code).toEqual(0);
   });
 });