codeclient

package module
v1.23.6 Latest
Warning

This package is not in the latest version of its module.

Published: Sep 22, 2025 License: MIT Imports: 15 Imported by: 2

README

code-client-go

A library that exposes scanning capabilities for Snyk Code that can be used in the Snyk CLI as well as Snyk IDE plugins using the Snyk Language Server.

Installation

$ go get github.com/snyk/code-client-go

Usage

HTTP Client

Use the HTTP client to make HTTP requests with configured retriable codes and authorisation headers for Snyk Rest APIs.

You can either configure the client using the functional options pattern provided or by implementing the interfaces.

Provide a net/http.Client factory to customize the underlying HTTP protocol behavior (timeouts, etc).

import (
    "net/http"
    "os"
    "time"

    "github.com/rs/zerolog"
    codeClientHTTP "github.com/snyk/code-client-go/http"
    codeClientObservability "github.com/snyk/code-client-go/observability"
)

// zerolog.New returns a Logger value and WithLogger expects a *zerolog.Logger.
// os.Stderr is an example destination; any io.Writer works.
zl := zerolog.New(os.Stderr)
logger := &zl
instrumentor := codeClientObservability.NewInstrumentor()
errorReporter := codeClientObservability.NewErrorReporter()
httpClient := codeClientHTTP.NewHTTPClient(
    // Factory for the underlying net/http client.
    func() *http.Client {
        return &http.Client{
            Timeout: 1 * time.Second,
        }
    },
    codeClientHTTP.WithRetryCount(1),
    codeClientHTTP.WithLogger(logger),
    codeClientHTTP.WithInstrumentor(instrumentor),
    codeClientHTTP.WithErrorReporter(errorReporter),
)

The HTTP client exposes a Do function.
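
A stricter factory of the func() *http.Client shape shown above, as an added example that is not part of the code-client-go README. NewHardenedClientFactory, ErrCrossHostRedirect and the timeout values are assumptions chosen for illustration; only the standard library is used.

```go
package main

import (
	"crypto/tls"
	"errors"
	"fmt"
	"net"
	"net/http"
	"time"
)

// ErrCrossHostRedirect is returned when a response redirects to another host.
var ErrCrossHostRedirect = errors.New("redirect to a different host refused")

// NewHardenedClientFactory returns a func() *http.Client, the factory shape the
// README passes to NewHTTPClient. Name and limits are assumptions for this example.
func NewHardenedClientFactory(total time.Duration) func() *http.Client {
	return func() *http.Client {
		transport := &http.Transport{
			// Refuse protocol versions older than TLS 1.2.
			TLSClientConfig: &tls.Config{MinVersion: tls.VersionTLS12},
			// Bound each phase so a stalled peer cannot hold a scan open.
			DialContext:           (&net.Dialer{Timeout: 5 * time.Second}).DialContext,
			TLSHandshakeTimeout:   5 * time.Second,
			ResponseHeaderTimeout: 10 * time.Second,
			Proxy:                 http.ProxyFromEnvironment,
		}
		return &http.Client{
			Timeout:   total, // upper bound for the whole request, body included
			Transport: transport,
			CheckRedirect: func(req *http.Request, via []*http.Request) error {
				// Stay on the host the first request was sent to.
				if req.URL.Host != via[0].URL.Host {
					return ErrCrossHostRedirect
				}
				if len(via) >= 3 {
					return errors.New("stopped after 3 redirects")
				}
				return nil
			},
		}
	}
}

func main() {
	client := NewHardenedClientFactory(30 * time.Second)()
	fmt.Println("request timeout:", client.Timeout)
}
```

The total timeout has to cover the upload of a whole bundle, so size it for the largest workspace you expect to scan rather than copying the one-second value from the README snippet.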

Target

Use the target to record the target of a scan, which can be either a folder enhanced with repository metadata or a repository.

import (
    codeClientScan "github.com/snyk/code-client-go/scan"
)

// Target built from a local path.
target, _ := codeClientScan.NewRepositoryTarget(path)

// Alternative: the same call with an explicit repository URL.
target, _ := codeClientScan.NewRepositoryTarget(path, codeClientScan.WithRepositoryUrl("https://github.com/snyk/code-client-go.git"))

Tracker Factory

Use the tracker factory to generate a tracker used to update the consumer of the client with frequent progress updates.

The tracker exposes an interface with two functions, Begin and End; an implementation that doesn't do anything is also available.

import (
    codeClientScan  "github.com/snyk/code-client-go/scan"
)

trackerFactory := codeClientScan.NewNoopTrackerFactory()

tracker := trackerFactory.GenerateTracker()
tracker.Begin()
...
tracker.End()

Configuration

Implement the config.Config interface to configure the Snyk Code API client from applications.

Code Scanner

Use the Code Scanner to trigger a scan for a Snyk Code workspace using the Bundle Manager.

The Code Scanner exposes two scanning functions: UploadAndAnalyze (which supports Code Consistent Ignores) and UploadAndAnalyzeLegacy. These functions may be used like this:

import (
    "context"

    codeClient "github.com/snyk/code-client-go"
)

config := newConfigForMyApp()
// NewCodeScanner takes the config first, then the HTTP client; its options
// are the OptionFunc values of the root package (see Functions and Types below).
codeScanner := codeClient.NewCodeScanner(
    config,
    httpClient,
    codeClient.WithTrackerFactory(trackerFactory),
    codeClient.WithLogger(logger),
    codeClient.WithInstrumentor(instrumentor),
    codeClient.WithErrorReporter(errorReporter),
)
if useCodeConsistentIgnores() {
    codeScanner.UploadAndAnalyze(context.Background(), requestId, target, channelForWalkingFiles, changedFiles)
} else {
    codeScanner.UploadAndAnalyzeLegacy(context.Background(), requestId, target, shardKey, files, changedFiles, statusChannel)
}

Observability

Under ./observability we have defined some observability interfaces that allow consumers of the library to inject their own observability implementations, as long as they follow the defined interfaces.

Contributing

To ensure the long-term stability and quality of this project, we are moving to a closed-contribution model effective August 2025. This change allows our core team to focus on a centralized development roadmap and rigorous quality assurance, which is essential for a component with such extensive usage.

All of our development will remain public for transparency. We thank the community for its support and valuable contributions.

Getting Support

GitHub issues have been disabled on this repository as part of our move to a closed-contribution model. The Snyk support team does not actively monitor GitHub issues on any Snyk development project.

For help with the Snyk CLI or Snyk in general, please use the Snyk support page, which is the fastest way to get assistance.

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func NewCodeScanner added in v0.4.0

func NewCodeScanner(
	config config.Config,
	httpClient codeClientHTTP.HTTPClient,
	options ...OptionFunc,
) *codeScanner

NewCodeScanner creates a Code Scanner which can be used to trigger Snyk Code on a folder.

Types

type AnalysisOption added in v1.15.0

type AnalysisOption func(*analysis.AnalysisConfig)

func ReportLocalTest added in v1.15.0

func ReportLocalTest(projectName string, targetName string, targetReference string) AnalysisOption

func ReportRemoteTest added in v1.15.0

func ReportRemoteTest(projectId uuid.UUID, commitId string) AnalysisOption

type CodeScanner added in v0.4.0

type CodeScanner interface {
	Upload(
		ctx context.Context,
		requestId string,
		target scan.Target,
		files <-chan string,
		changedFiles map[string]bool,
	) (bundle.Bundle, error)

	UploadAndAnalyze(
		ctx context.Context,
		requestId string,
		target scan.Target,
		files <-chan string,
		changedFiles map[string]bool,
	) (*sarif.SarifResponse, string, error)

	// UploadAndAnalyzeLegacy runs the legacy scanner (no consistent ignores)
	// ctx may include a scan.ScanSource value for use in the requestContext (see analysis_legacy.go)
	UploadAndAnalyzeLegacy(
		ctx context.Context,
		requestId string,
		target scan.Target,
		shardKey string,
		files <-chan string,
		changedFiles map[string]bool,
		statusChannel chan<- scan.LegacyScanStatus,
	) (*sarif.SarifResponse, string, error)
}

type OptionFunc added in v1.4.4

type OptionFunc func(*codeScanner)

func WithErrorReporter added in v1.4.4

func WithErrorReporter(errorReporter observability.ErrorReporter) OptionFunc

func WithFlow added in v1.7.0

func WithFlow(flow string) OptionFunc

func WithInstrumentor added in v1.4.4

func WithInstrumentor(instrumentor observability.Instrumentor) OptionFunc

func WithLogger added in v1.4.4

func WithLogger(logger *zerolog.Logger) OptionFunc

func WithTrackerFactory added in v1.6.0

func WithTrackerFactory(trackerFactory scan.TrackerFactory) OptionFunc

Directories

Path Synopsis
mocks
Package mocks is a generated GoMock package.
mocks
Package mocks is a generated GoMock package.
Package http defines the HTTP client used to interact with the Snyk Code API.
mocks
Package mocks is a generated GoMock package.
internal
analysis/mocks
Package mocks is a generated GoMock package.
api/test/2024-12-21
Package v20241221 provides primitives to interact with the openapi HTTP API.
api/test/2024-12-21/common
Package v20241221 provides primitives to interact with the openapi HTTP API.
api/test/2024-12-21/models
Package v20241221 provides primitives to interact with the openapi HTTP API.
api/test/2024-12-21/parameters
Package v20241221 provides primitives to interact with the openapi HTTP API.
deepcode
* © 2024 Snyk Limited All rights reserved.
deepcode/mocks
Package mocks is a generated GoMock package.
util/testutil
* © 2024 Snyk Limited All rights reserved.
mocks
Package mocks is a generated GoMock package.
* © 2024 Snyk Limited All rights reserved.
mocks
Package mocks is a generated GoMock package.
