SnykOut
A command line tool which provides an alternative user interface to snyk test output.
Example
snykout takes the JSON output from snyk test and provides a number of alternative presentations of the information.
The basic output consists of a table of vulnerabilities.
$ snyk container test garethr/snykit --json | snykout
+--------------------------------------------------------------------------------------------------------------------------------+
| Found 82 unique vulnerabiliies for garethr/snykit |
+----------------------+------------+----------------+-------------------------------------------------+------------+------------+
| Package | Severity | ID | Issue | Installed | Fixed in |
+----------------------+------------+----------------+-------------------------------------------------+------------+------------+
| sqlite3/libsqlite3-0 | HIGH | CVE-2020-9794 | Out-of-bounds Read | 3.27.2-3 | |
| sqlite3/libsqlite3-0 | MEDIUM | CVE-2019-16168 | Divide By Zero | 3.27.2-3 | |
| sqlite3/libsqlite3-0 | MEDIUM | CVE-2020-13631 | CVE-2020-13631 | 3.27.2-3 | |
| sqlite3/libsqlite3-0 | MEDIUM | CVE-2020-13434 | Integer Overflow or Wraparound | 3.27.2-3 | |
| sqlite3/libsqlite3-0 | MEDIUM | CVE-2019-20218 | Improper Handling of Exceptional Conditions | 3.27.2-3 | |
| sqlite3/libsqlite3-0 | MEDIUM | CVE-2020-11655 | Improper Input Validation | 3.27.2-3 | |
| sqlite3/libsqlite3-0 | LOW | CVE-2020-13871 | Use After Free | 3.27.2-3 | |
| sqlite3/libsqlite3-0 | LOW | CVE-2020-13632 | NULL Pointer Dereference | 3.27.2-3 | |
| sqlite3/libsqlite3-0 | LOW | CVE-2020-13630 | Use After Free | 3.27.2-3 | |
| sqlite3/libsqlite3-0 | LOW | CVE-2020-13435 | NULL Pointer Dereference | 3.27.2-3 | |
| sqlite3/libsqlite3-0 | LOW | CVE-2020-11656 | Use After Free | 3.27.2-3 | |
| sqlite3/libsqlite3-0 | LOW | CVE-2020-9327 | NULL Pointer Dereference | 3.27.2-3 | |
| sqlite3/libsqlite3-0 | LOW | CVE-2019-19959 | CVE-2019-19959 | 3.27.2-3 | |
| sqlite3/libsqlite3-0 | LOW | CVE-2019-19923 | NULL Pointer Dereference | 3.27.2-3 | |
| sqlite3/libsqlite3-0 | LOW | CVE-2019-19924 | Improper Handling of Exceptional Conditions | 3.27.2-3 | |
| sqlite3/libsqlite3-0 | LOW | CVE-2019-19925 | Unrestricted Upload of File with Dangerous Type | 3.27.2-3 | |
| sqlite3/libsqlite3-0 | LOW | CVE-2019-19603 | CVE-2019-19603 | 3.27.2-3 | |
| sqlite3/libsqlite3-0 | LOW | CVE-2019-19645 | Uncontrolled Recursion | 3.27.2-3 | |
| sqlite3/libsqlite3-0 | LOW | CVE-2019-19244 | Improper Input Validation | 3.27.2-3 | |
| sqlite3/libsqlite3-0 | LOW | CVE-2019-19242 | NULL Pointer Dereference | 3.27.2-3 | |
| sqlite3/libsqlite3-0 | LOW | CVE-2020-15358 | Out-of-bounds Write | 3.27.2-3 | |
+----------------------+------------+----------------+-------------------------------------------------+------------+------------+
+------------------------------------------------------------------------------------------------------------------------------------------------------+
| Base image vulnerabilities from ruby:2.7.0-slim |
+------------------------+------------+------------------+-------------------------------------------------------+------------------+------------------+
| Package | Severity | ID | Issue | Installed | Fixed in |
+------------------------+------------+------------------+-------------------------------------------------------+------------------+------------------+
| perl/perl-base | HIGH | CVE-2020-10878 | Integer Overflow or Wraparound | 5.28.1-6 | 5.28.1-6+deb10u1 |
| apt/libapt-pkg5.0 | MEDIUM | CVE-2020-3810 | Improper Input Validation | 1.8.2 | 1.8.2.1 |
| gcc-8/libstdc++6 | MEDIUM | CVE-2018-12886 | Information Exposure | 8.3.0-6 | |
| glibc/libc-bin | MEDIUM | CVE-2020-1752 | Use After Free | 2.28-10 | |
| glibc/libc-bin | MEDIUM | CVE-2020-1751 | Out-of-bounds Write | 2.28-10 | |
| libidn2/libidn2-0 | MEDIUM | CVE-2019-12290 | Improper Input Validation | 2.0.5-1+deb10u1 | |
| pcre3/libpcre3 | MEDIUM | CVE-2020-14155 | Integer Overflow or Wraparound | 2:8.39-12 | |
| perl/perl-base | MEDIUM | CVE-2020-10543 | Out-of-bounds Write | 5.28.1-6 | 5.28.1-6+deb10u1 |
| perl/perl-base | MEDIUM | CVE-2020-12723 | Buffer Overflow | 5.28.1-6 | 5.28.1-6+deb10u1 |
| apt/libapt-pkg5.0 | LOW | CVE-2011-3374 | Improper Verification of Cryptographic Signature | 1.8.2 | |
| bash | LOW | CVE-2019-18276 | CVE-2019-18276 | 5.0-4 | |
| coreutils | LOW | CVE-2016-2781 | Improper Input Validation | 8.30-3 | |
| coreutils | LOW | CVE-2017-18018 | Race Condition | 8.30-3 | |
| gcc-8/libstdc++6 | LOW | CVE-2019-15847 | Insufficient Entropy | 8.3.0-6 | |
| glibc/libc-bin | LOW | CVE-2010-4052 | Resource Management Errors | 2.28-10 | |
| glibc/libc-bin | LOW | CVE-2019-19126 | Information Exposure | 2.28-10 | |
| glibc/libc-bin | LOW | CVE-2020-6096 | Integer Underflow | 2.28-10 | |
| glibc/libc-bin | LOW | CVE-2019-9192 | Uncontrolled Recursion | 2.28-10 | |
| glibc/libc-bin | LOW | CVE-2018-20796 | Resource Management Errors | 2.28-10 | |
| glibc/libc-bin | LOW | CVE-2020-10029 | Out-of-Bounds | 2.28-10 | |
| glibc/libc-bin | LOW | CVE-2016-10228 | Improper Input Validation | 2.28-10 | |
| glibc/libc-bin | LOW | CVE-2019-1010024 | Information Exposure | 2.28-10 | |
| glibc/libc-bin | LOW | CVE-2019-1010025 | Use of Insufficiently Random Values | 2.28-10 | |
| glibc/libc-bin | LOW | CVE-2019-1010023 | Access Restriction Bypass | 2.28-10 | |
| glibc/libc-bin | LOW | CVE-2019-1010022 | Out-of-Bounds | 2.28-10 | |
| glibc/libc-bin | LOW | CVE-2010-4051 | CVE-2010-4051 | 2.28-10 | |
| glibc/libc-bin | LOW | CVE-2010-4756 | Resource Management Errors | 2.28-10 | |
| gnupg2/gpgv | LOW | CVE-2019-14855 | Use of a Broken or Risky Cryptographic Algorithm | 2.2.12-1+deb10u1 | |
| gnutls28/libgnutls30 | LOW | CVE-2011-3389 | Improper Input Validation | 3.6.7-4+deb10u2 | |
| gnutls28/libgnutls30 | LOW | CVE-2020-11501 | Use of a Broken or Risky Cryptographic Algorithm | 3.6.7-4+deb10u2 | 3.6.7-4+deb10u3 |
| gnutls28/libgnutls30 | LOW | CVE-2020-13777 | Use of a Broken or Risky Cryptographic Algorithm | 3.6.7-4+deb10u2 | 3.6.7-4+deb10u4 |
| libgcrypt20 | LOW | CVE-2018-6829 | Information Exposure | 1.8.4-5 | |
| libgcrypt20 | LOW | CVE-2019-12904 | Cryptographic Issues | 1.8.4-5 | |
| libgcrypt20 | LOW | CVE-2019-13627 | Race Condition | 1.8.4-5 | |
| libseccomp/libseccomp2 | LOW | CVE-2019-9893 | Access Restriction Bypass | 2.3.3-4 | |
| libtasn1-6 | LOW | CVE-2018-1000654 | Resource Management Errors | 4.13-3 | |
| lz4/liblz4-1 | LOW | CVE-2019-17543 | Buffer Overflow | 1.8.3-1 | |
| openssl/libssl1.1 | LOW | CVE-2010-0928 | Cryptographic Issues | 1.1.1d-0+deb10u2 | |
| openssl/libssl1.1 | LOW | CVE-2019-1551 | Information Exposure | 1.1.1d-0+deb10u2 | |
| openssl/libssl1.1 | LOW | CVE-2020-1967 | NULL Pointer Dereference | 1.1.1d-0+deb10u2 | 1.1.1d-0+deb10u3 |
| openssl/libssl1.1 | LOW | CVE-2007-6755 | Cryptographic Issues | 1.1.1d-0+deb10u2 | |
| pcre3/libpcre3 | LOW | CVE-2017-7245 | Out-of-Bounds | 2:8.39-12 | |
| pcre3/libpcre3 | LOW | CVE-2017-7246 | Out-of-Bounds | 2:8.39-12 | |
| pcre3/libpcre3 | LOW | CVE-2017-11164 | Resource Management Errors | 2:8.39-12 | |
| pcre3/libpcre3 | LOW | CVE-2017-16231 | Out-of-Bounds | 2:8.39-12 | |
| pcre3/libpcre3 | LOW | CVE-2019-20838 | Out-of-bounds Read | 2:8.39-12 | |
| perl/perl-base | LOW | CVE-2011-4116 | Link Following | 5.28.1-6 | |
| shadow/passwd | LOW | CVE-2019-19882 | Incorrect Permission Assignment for Critical Resource | 1:4.5-1.1 | |
| shadow/passwd | LOW | CVE-2007-5686 | Access Restriction Bypass | 1:4.5-1.1 | |
| shadow/passwd | LOW | CVE-2018-7169 | Security Features | 1:4.5-1.1 | |
| shadow/passwd | LOW | CVE-2013-4235 | Time-of-check Time-of-use (TOCTOU) | 1:4.5-1.1 | |
| systemd/libsystemd0 | LOW | CVE-2013-4392 | Access Restriction Bypass | 241-7~deb10u3 | |
| systemd/libsystemd0 | LOW | CVE-2019-9619 | CVE-2019-9619 | 241-7~deb10u3 | |
| systemd/libsystemd0 | LOW | CVE-2019-3844 | Access Restriction Bypass | 241-7~deb10u3 | |
| systemd/libsystemd0 | LOW | CVE-2019-3843 | Access Restriction Bypass | 241-7~deb10u3 | |
| systemd/libsystemd0 | LOW | CVE-2018-20839 | Information Exposure | 241-7~deb10u3 | |
| systemd/libsystemd0 | LOW | CVE-2019-20386 | Missing Release of Resource after Effective Lifetime | 241-7~deb10u3 | |
| systemd/libsystemd0 | LOW | CVE-2020-1712 | Use After Free | 241-7~deb10u3 | 241-7~deb10u4 |
| systemd/libsystemd0 | LOW | CVE-2020-13776 | Improper Input Validation | 241-7~deb10u3 | |
| tar | LOW | CVE-2005-2541 | CVE-2005-2541 | 1.30+dfsg-6 | |
| tar | LOW | CVE-2019-9923 | NULL Pointer Dereference | 1.30+dfsg-6 | |
+------------------------+------------+------------------+-------------------------------------------------------+------------------+------------------+As well as the standard table output, snykout also supports:
--widewhich will show additional information about CVSS and CWE--jsonfor a standardized JSON output suitable for further processing--markdownwhich will output tables as Markdown which can be copied into documentation- As well as taking input on STDIN,
snykoutcan also be pointed directly at a file, eg,snykout fixtures/example.json
Usage
You can see usage instructions for snykout from the inline help:
$ snykout
snykout - Show vulnerability information from Snyk test output
Usage:
snykout [flags] [arguments]
Commands:
help [command] Help about any command.
Flags:
-h, --help Help for this command.
--json Output results as JSON
--markdown Output results as Markdown
-o, --output FILE Output results as JSON
--pretty Make JSON results more human readable
--wide Output additional information in the table
--yaml Output results as YAMLInstallation
Precompiled executables are available Linux and macOS environments. These are available from Releases. You can grab those quickly with wget like so for Linux:
wget -o snykout https://github.com/garethr/snykout/releases/download/v0.1.0/snykout_v0.1.0_linux-amd64
chmod +x snykoutAnd for macOS:
wget -o snykout https://github.com/garethr/snykout/releases/download/v0.1.0/snykout_v0.1.0_darwin-amd64
chmod +x snykoutKnown issues
snykout is experimental, and will definiitely have bugs at this stage. In particular anything that outputs multiple results is not yet handled, for instance --all-projects.