Announcing Snyk CLI v1.1294.1

Fix

[Hotfix update - Nov 20, 2024]

We’ve released a hot fix - Snyk CLI v1.1294.1 - to address the following issues reported by our customers on. Release notes can be found here.

Bug #1 -

  • Before the fix - Snyk Container scanner was unable to process RedHat images when the content_sets attribute was missing in the redhat-content-manifests file.

{
  "name": "redhat-content-manifests",
  "version": "1.0",
  "requires": [
    "rpm"
  ],
  "content_sets": [
    {
      "name": "rhel-server-rhscl-7-rpms",
      "baseurl": "http://cdn.redhat.com/content/rhel/server/7/7Server/x86_64/rh-os/",
      "mirrorlist": "http://mirrorlist.centos.org/?release=7&arch=x86_64&repo=os",
      "gpgcheck": 1,
      "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release",
      "enabled": 1
    }
  ]
}

Example of redhat-content-manifests file with a content_sets section.

  • After the Fix - The fix will allow successful scanning of RedHat images when content_sets is absent.

  • Important to note: This fix will be applied to Container Registry and Kubernetes integration as well.

Bug #2 -

  • Before the fix - Some customers have reported encountering a "too many vulnerable paths for conversion to legacy test output" error when scanning Python projects using Snyk Container (via the snyk container monitor CLI command).

  • After the fix - We’ve optimized Python pip dependency graphs by removing unnecessary optional dependencies. This reduces the number of vulnerable paths and upgrade paths, which fixes the reported error and results in faster scans and improved reliability.

  • Important to note:

      • The issue count and dependencies remain unchanged.

      • The change primarily reduces path information for optional dependencies when they are not needed, specifically the number of paths from the root to a vulnerability, which may be significantly decreased.
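
The effect described for Bug #2, modelled on a small constructed graph as an added example (not Snyk's code or algorithm): dropping optional edges lowers the number of root-to-vulnerability paths while the package set and issue list stay the same. The graph, the package names, the `optional` edge flag and the helper names are all assumptions made for illustration.

```python
from functools import lru_cache

# Constructed, acyclic dependency graph (not from a real project).
# Each edge is (child, optional); optional=True marks an edge that exists
# only through a pip extra the installed set does not need.
GRAPH = {
    "app":    [("web", False), ("client", False), ("tools", False)],
    "web":    [("http", False), ("tmpl", False)],
    "client": [("http", False), ("tmpl", True)],
    "tools":  [("http", True), ("tmpl", True), ("yaml", False)],
    "http":   [("tls", False)],
    "tmpl":   [("yaml", False)],
    "tls":    [],
    "yaml":   [],
}
VULNERABLE = {"tls", "yaml"}  # constructed: packages carrying a known issue

def prune_optional(graph):
    """Return a copy of the graph without the optional edges."""
    return {pkg: [(c, o) for c, o in deps if not o] for pkg, deps in graph.items()}

def reachable(graph, root):
    """All packages reachable from root (the dependency set)."""
    seen, stack = set(), [root]
    while stack:
        pkg = stack.pop()
        if pkg not in seen:
            seen.add(pkg)
            stack.extend(child for child, _ in graph[pkg])
    return seen

def count_paths(graph, root, target):
    """Number of distinct root-to-target paths (graph must be a DAG)."""
    @lru_cache(maxsize=None)
    def walk(pkg):
        if pkg == target:
            return 1
        return sum(walk(child) for child, _ in graph[pkg])
    return walk(root)

def summarize(graph, root="app"):
    """(package count, vulnerable packages, paths per vulnerable package)."""
    pkgs = reachable(graph, root)
    issues = sorted(pkgs & VULNERABLE)
    return len(pkgs), issues, {v: count_paths(graph, root, v) for v in issues}

if __name__ == "__main__":
    print("full  :", summarize(GRAPH))
    print("pruned:", summarize(prune_optional(GRAPH)))
```

In this model the total path count falls from 7 to 4 while both runs report the same 8 packages and the same two issues, so a drop in path counts between scans is not by itself a sign of lost coverage.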

Bug #3 -

  • Before the Fix: An "Invalid JSON" error occurred under the following conditions:

      • Trace or debugging was enabled.

      • Policies were applied to the test results.

      • The --json flag was used with the snyk test, snyk monitor, snyk container test or snyk container monitor CLI commands.

  • After the Fix: The issue will be resolved, and JSON parsing will work correctly under these specific conditions.

  • Important to Note: This problem is limited to CLI version v1.1294.0 and does not affect other versions.

You can learn more about Snyk CLI release channels in user documentation. If you have any questions, feel free to reach out to the Snyk support team!

Neha Shenoy | Senior Product Manager