CLI tool designed to manage tags and attributes at scale
Project description
Snyk Tags Tool
Snyk Tags is a CLI tool which can:
- Help filter Snyk projects by product type by adding product tags across a Snyk Group or Organization - using
snyk-tags tag - Help filter Snyk projects by applying tags to all projects containing a specific name
snyk-tags tag alltargets --contains-name= - Help filter Snyk projects by applying tags to a target import (for example a git repo like snyk-labs/nodejs-goof) - using
snyk-tags target tagor from a csv/json file withsnyk-tags fromfile target-tag - Help filter Snyk projects by applying attributes to a target import (for example a git repo like snyk-labs/nodejs-goof) - using
snyk-tags target attributesor from a csv/json file withsnyk-tags fromfile target-attributes - Help filter Snyk projects by adding the GitHub CODEOWNERS (only GitHub handles) as tags to the target import (must be a GitHub repo in the form snyk-labs/nodejs-goof) - using
snyk-tags target github owners - Help with tag management by removing tags from a Group or a target import (for example a git repo like snyk-labs/nodejs-goof) - using
snyk-tags target removeor listing all tags usingsnyk-tags list tags(also in bulk or from a csv/json file withsnyk-tags fromfile) - Associate Snyk Open Source, Code and Container projects with software component tags, using
snyk-tags component tag.
snyk-tags tag
snyk-tags tag is a CLI tool that uses the Snyk Project Tag API to assign tags in bulk to Snyk projects based on the product.
snyk-tags tag will update all projects of the specified product within a Snyk Group or Organization with the product's tag.
You can also specify a custom tag for the specific project types.
snyk-tags target
snyk-tags target goes through a target (repo, container, CLI import) to assign tags, attributes and assign GitHub metadata. Targets in snyk can be varied like:
- snyk-labs/nodejs-goof is the target from a git import
- library/httpd is the target from a container import
- /snyk-labs/nodejs-goof is the target from a CLI import
You can use:
snyk-tags target tagto add tags to a targetsnyk-tags target attributesto add attributes to a targetsnyk-tags target githubfor specific GitHub metadata. The GitHub repo must include the GitHub Organization e.g. snyk-labs/nodejs-goof
snyk-tags target github
To import GitHub metadata such as CODEOWNERS or Topics, you can use this command.
Requirements:
- GitHub PAT with
read:orgpermissions
Usage:
snyk-tags target github ownersto add the CODEOWNERS file information as tags (limited to GitHub handles for now)snyk-tags target github topicsto add the GitHub Topics as tags
Viewing results
Once you run snyk-tags, go into the UI, naviagate to the projects page and find the tags filter or attribute filter options on the left-hand menu. Select the tag/attribute you have applied and you will see all projects associated.
snyk-tags component tag
snyk-tags component tag automates tagging software components at scale for Snyk, based on powerful regular-expression based rules. Read more about this feature in components.
Installation and requirements
Requirements
Requires Python version above 3.8
Installation
To install the simplest way is to use pip:
pip install snyk-tags
Alternatively you can clone the repo and then run the following commands:
poetry install # To install dependencies
python -m snyk-tags # To run snyk-tags
Examples
For the following examples you will need a Snyk API token, this can either be a personal Snyk Group/Org admin or a service account, here is more information on how to generate a Snyk API token. You can then pass this token as part of the command through --snyktkn=abc or as an environment variable SNYK_TOKEN
Applying tags by Snyk product
I want to filter all my Snyk Code projects to the whole Snyk Group:
snyk-tags tag sast --group-id=abc --snyktkn=abc
I want to filter all my npm Snyk Open Source projects within a specific Snyk Organization:
snyk-tags tag sca --scatype=npm --org-id=abc --snyktkn=abc
Applying tags based on project name
I want to filter all my Snyk projects sharing a common project name substring
snyk-tags tag alltargets --contains-name=microservice --group-id=abc --org-id=abc --snyktkn=abc --tagkey=app --tagvalue=microservice
Managing tags based on target SCM repository
I want to filter all projects within my snyk-labs/nodejs-goof repo by project:snyk
snyk-tags target tag --target=snyk-labs/nodejs-goof --org-id=abc --snyktkn=abc --tagkey=project --tagvalue=snyk
I want to add attributes to all projects within my snyk-labs/python-goof repo. The attributes are critical, production, backend
snyk-tags target attributes --target=snyk-labs/python-goof --org-id=abc --snytkn=abc --criticality=critical --environment=backend --lifecycle=production
I want mark with the repo owners all projects of the repo snyk-labs/nodejs-goof so I can filter by owner e.g.Owner:EricFernandezSnyk
(to use a private GitHub instance, use --gh-base-url=<your instance's API baseurl>. Example: --gh-base-url=https://gh.local/api/v3)
snyk-tags target github owners --target=snyk-labs/nodejs-goof --org-id=abc --snyktkn=abc --githubtkn=abc
I want add my GitHub Topics to all projects of the repo snyk-labs/nodejs-goof so I can filter by topics e.g.GitHubTopic:python3
(to use a private GitHub instance, use --gh-base-url=<your instance's API baseurl>. Example: --gh-base-url=https://gh.local/api/v3)
snyk-tags target github topics --target=snyk-labs/nodejs-goof --org-id=abc --snyktkn=abc --githubtkn=abc
I want to remove the tag project:snyk from the repo snyk-labs/nodejs-goof
snyk-tags remove tag-from-target --target=snyk-labs/nodejs-goof --group-id=abc --snyktkn=abc --tagkey=project --tagkey=snyk
I want to remove the tag app:microservice from all targets within a specific Snyk Organization
snyk-tags remove tag-from-alltargets --contains-name=apps-demo --org-id=abc --tagkey=app --tagvalue=microservice
I want to filter all projects within snyk-labs/nodejs-goof and snyk-labs/goof repo by project:snyk so I use a csv in the format org-id,target,key,value
snyk-tags fromfile target-tag --file=path/to/file.csv --snyktkn
Types of projects and attributes
List of all project types
| Snyk IaC | Snyk Open Source | Snyk Container | Snyk Code |
|---|---|---|---|
| terraformconfig | maven | dockerfile | sast |
| terraformplan | npm | apk | |
| k8sconfig | nuget | deb | |
| helmconfig | gradle | rpm | |
| cloudformationconfig | pip | linux | |
| armconfig | yarn | ||
| gomodules | |||
| rubygems | |||
| composer | |||
| sbt | |||
| golangdep | |||
| cocoapods | |||
| poetry | |||
| govendor | |||
| cpp | |||
| yarn-workspace | |||
| hex | |||
| paket | |||
| golang |
List of all attributes
| Criticality | Environment | Lifecycle |
|---|---|---|
| critical | frontend | production |
| high | backend | development |
| medium | internal | sandbox |
| low | external | |
| mobile | ||
| saas | ||
| onprem | ||
| hosted | ||
| distributed |
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
