snyk-tech-services / snyk-licenses-texts

📑 Snyk API powered licenses attribution report tool. Generate licenses information per Snyk Organization with license name, text, dependencies data and copyright information

Home Page: https://snyk.io

License: Other

JavaScript 0.07% TypeScript 14.36% HTML 79.60% Handlebars 5.97%
vulnerabilities html-report json snyk snyk-tooling

snyk-licenses-texts's Issues

[πŸ™] Add comments from unknown licenses as optional field

Describe the user need
For a few dependencies Snyk is not able to find the license and will label it unknown. We have solved these with a comment on the dependency in the GUI.
Consequently we would want Snyk to make it possible to fetch comments about unknown licenses, maybe as an optional field, instead of having to do this manually after creating the document.

[πŸ™] Request the ability to pass in a Target Id to generate snyk licenses report

Describe the user need
The ability to pass a target id to generate a license report.

Currently, to generate a license report for a specific target, you need to retrieve the org ID and all the project IDs for that target from Snyk and append them as args to the CLI call with --orgPublicId and a number of --project, e.g.

snyk-licenses-report generate --orgPublicId=<ORG_PUBLIC_ID> --project=<PROJECT_PUBLIC_ID_1> --project=<PROJECT_PUBLIC_ID_2>

Describe expected behaviour
If you could pass the --orgPublicId along with a target ID --targetId, a report could be generated for all the projects associated with/within the target.
snyk-licenses-report generate --orgPublicId=<ORG_PUBLIC_ID> --targetId=<TARGET_ID>


License text of "GPL-2.0-with-classpath-exception"

Describe the user need

The license text of "GPL-2.0-with-classpath-exception" is shown below:
[image: image001 (1)]
It includes the "insert GPL v2 license text here" line.
Probably this text came from here:
https://spdx.org/licenses/GPL-2.0-with-classpath-exception.html
But the customer wants the GPL v2 license text inserted in this license text.

Describe expected behaviour

The customer expects the actual GPL v2 license text to be inserted at the "insert GPL v2 license text here" line.

[πŸ›] Missing copyright data on license reports due to data fetch bug

Please provide all that are applicable:

  • Node version: v16.14.0
  • NPM version: 8.8.0
  • Library version: 1.24.1
  • OS: OSX
  • Command run: $ DEBUG=snyk-license* ~/Downloads/snyk-licenses-texts-macos g --orgPublicId=<PUBLIC_ID> --project=<PROJ_ID>

Expected behaviour

Attribution report contains all available copyright statements available in Snyk.

Actual behaviour

Report includes some, but misses many copyright statements available on https://app.snyk.io.

Steps to reproduce

  1. Run DEBUG=snyk-license* ~/Downloads/snyk-licenses-texts-macos g --orgPublicId=<PUBLIC_ID> --project=<PROJ_ID> on any project.

Debug log

snyk-licenses:generate ℹ️  Options: {"orgPublicId":"<PUBLIC_ID>","outputFormat":"html","view":"org-licenses","project":["<PROJ_ID>"]} +0ms
  snyk-licenses:generateOrgLicensesReport ℹ️  Generating license data for Org:<PUBLIC_ID> +0ms
  snyk-licenses:getLicenseDataForOrg Fetching licenses data for page 2 +0ms
  snyk-licenses:getDependenciesDataForOrg Fetching dependencies data for page 2 +0ms
  snyk-licenses:getLicenseDataForOrg Received 100 items, overall 16/8 received so far +549ms
  snyk-licenses:getDependenciesDataForOrg Received 20 items, overall 10/25 received so far +661ms
  snyk-licenses:getDependenciesDataForOrg Fetching dependencies data for page 3 +0ms
  snyk-licenses:getDependenciesDataForOrg Received 20 items, overall 0/25 received so far +2s
  snyk-licenses:generateOrgLicensesReport ✅ Got license API data for Org:<PUBLIC_ID> +2s
  snyk-licenses:generateOrgLicensesReport ✅ Got 25 dependencies API data for Org: <PUBLIC_ID>+0ms
  snyk-licenses:generateOrgLicensesReport ⏳ Processing 8 licenses +1ms
  snyk-licenses:generateOrgLicensesReport Splitting up a multi license [ 'Apache-2.0', 'BSD-2-Clause' ] +0ms
  snyk-licenses:generateOrgLicensesReport ✅ Done processing 8 licenses +22s
  snyk-licenses:generateHtmlReport ℹ️  Generating HTML report +0ms
  snyk-licenses:generateHtmlReport ✅ Using template default template +0ms
  snyk-licenses:generateHtmlReport ℹ️  Compiling Handlebars.js template ./templates/licenses-view.hbs +0ms
  snyk-licenses:generateHtmlReport ✅ Compiled template ./templates/licenses-view.hbs +1ms
  snyk-licenses:saveHtmlReport ⏳  Saving generated report to /Users/fvisser/Documents/GitRepositories/snyk-licenses-texts/<ORG_NAME>-<PUBLIC_ID>-org-licenses.html +0ms
  snyk-licenses:saveHtmlReport ✅ Saved HTML report to ~/Documents/GitRepositories/snyk-licenses-texts/<ORG_NAME>-<PUBLIC_ID>-org-licenses.html +0ms

Note that the Fetching … data steps start on page 2 instead of page 1. I.e. snyk-licenses:getLicenseDataForOrg Fetching licenses data for page 2 +0ms.

Screenshots

[image]

Feature Requests [🙏]

  • a table of contents linking to each of the license types so we don’t have to scroll through the entire file trying to find what we’re looking for
  • ability to remove the Severities for each license type (this is because the attribution report is being sent to 3rd parties, and the severity isn't necessary for this)
  • improve the formatting so the License Text column isn’t so narrow, since this information is the primary reason we want to generate the attribution file
  • ability to filter the report by targets like on Snyk dashboard’s Projects page. The tool does allow filtering by project, but given the number of projects in a target the command line would be extremely long. Running the tool on the entire org creates a report that includes projects from multiple targets.

[πŸ™] Add creation date in the report

Describe the user need
SBOM report does not contain the creation date in the file.

Describe expected behaviour
SBOM report to contain the date when the report is generated.

[πŸ™] Make it possible to run from specific commit/release

Describe the user need
I want Snyk to be able to specify a commit/release to run the snyk-licenses-texts on. Currently using the GitHub integration it will only use the latest base branch. But we would need it to also support setting custom release branches/commits which are not always the same as base branch.

Describe expected behaviour
Being able to specify a certain commit or branch/release-tag, for example like this:
./snyk-licenses-texts-linux generate -b 1.4.6
or with commit:
./snyk-licenses-texts-linux generate -b 43547648

[πŸ™] Make version and severity fields optional

Describe the user need
It would be nice if Snyk could make the version and severity fields optional.

Describe expected behaviour

For version:
Instead of showing "[email protected]" we would like to only see "requests"
For severity:
Instead of seeing "Severities: "none", "none"," we would like for it to be removed.