Api import wf

.github/workflows/snyk-test-api-import.yml

@@ -0,0 +1,30 @@
+name: Import repo via API
+on: push
+jobs:
+  security:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@master
+      - name: Run Snyk to check for vulnerabilities
+        id: check_vuln
+        uses: snyk/actions/node@master
+        continue-on-error: true
+        env:
+          SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
+        with:
+          args: --severity-threshold=critical
+            --json-file-output=snyk.json
+      - name: install requirements
+        run: |
+          python3 -m pip install --upgrade pip
+          if [ -f scripts/requirements.txt ]; then pip install -r scripts/requirements.txt; fi
+      - name: Get repo name and set as environment variable
+        id: get_repo_name
+        run: |
+          echo "REPO_NAME=$(echo $GITHUB_REPOSITORY | cut -d '/' -f 2)" >> $GITHUB_ENV
+      - name: Import repo via API
+        id: import_repo
+        env:
+          SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
+        run: |
+          python3 scripts/import_repo.py --owner ${{ github.repository_owner }} --name ${{ env.REPO_NAME }} --snyk-org ${{ vars.SNYK_ORG }} --integration-id ${{ vars.SNYK_INTEGRATION_ID }} --branch ${{ github.ref_name }}

.gitignore

@@ -12,3 +12,5 @@ npm-debug.log
 .idea/
 .dccache
 
+.vscode
+venv 

README.md

@@ -6,7 +6,7 @@ A vulnerable Node.js demo application, based on the [Dreamers Lab tutorial](http
 
 ## Features
 
-This vulnerable apassa includes the following capabilities to experiment with:
+This vulnerable apassa includes the following capabiasalities to experiment with:
 
 - [Exploitable packages](#exploiting-the-vulnerabilities) with known vulnerabilities
 - [Docker Image Scanning](#docker-image-scanning) for base images with known vulnerabilities in system libraries

scripts/import_repo.py

@@ -0,0 +1,65 @@
+import os
+import json
+import requests
+import argparse
+
+SNYK_TOKEN = os.getenv("SNYK_TOKEN")
+
+
+class APIClient:
+    def __init__(
+        self, snyk_token, owner, name, snyk_org, integration_id, branch
+    ) -> None:
+        self.snyk_token = snyk_token
+        self.owner = owner
+        self.name = name
+        self.snyk_org = snyk_org
+        self.integration_id = integration_id
+        self.branch = branch
+        self.base_url = "https://api.snyk.io/v1"
+
+    def import_repo(self) -> object:
+        request_url = f"{self.base_url}/org/{self.snyk_org}/integrations/{self.integration_id}/import"
+        headers = self._format_headers()
+        body = self._format_body()
+        response = requests.post(
+            request_url,
+            headers=headers,
+            data=body,
+        )
+        return response
+
+    def _format_body(self) -> object:
+        body = json.dumps(
+            {"target": {"owner": self.owner, "name": self.name, "branch": self.branch}}
+        )
+        return body
+
+    def _format_headers(self) -> object:
+        headers = {
+            "Content-Type": "application/json",
+            "Authorization": f"token {self.snyk_token}",
+        }
+        return headers
+
+
+if __name__ == "__main__":
+    parser = argparse.ArgumentParser(description="Import a repository to Snyk.")
+    parser.add_argument("--owner", required=True, help="Repository owner")
+    parser.add_argument("--name", required=True, help="Repository name")
+    parser.add_argument("--snyk-org", required=True, help="Snyk organization ID")
+    parser.add_argument("--integration-id", required=True, help="Snyk integration ID")
+    parser.add_argument("--branch", required=True, help="Repository branch")
+
+    args = parser.parse_args()
+
+    client = APIClient(
+        SNYK_TOKEN,
+        args.owner,
+        args.name,
+        args.snyk_org,
+        args.integration_id,
+        args.branch,
+    )
+    response = client.import_repo()
+    print("status_code", response.status_code, response.text)