A comprehensive tool for transferring ignore rules from CSV data to Snyk issues. Features class-based architecture, enhanced error handling, and detailed reporting capabilities.
- Class-based architecture - Clean, maintainable code structure
- Enhanced error handling - Comprehensive validation and user feedback
- Improved logging - Structured logging system with different levels
- Streamlined workflows - Simplified execution paths
- Better validation - Input sanitization and argument validation
- Customer-ready - Professional code suitable for distribution
- Text report generation - Detailed severity and organization reports
- Group processing - Process all organizations in a Snyk group
- Smart conflict handling - Treat existing policies as success
- Multiple Workflows: Standard matching, direct ignore, matches input, group processing
- Flexible Input: CSV files or pre-generated matches
- Smart Matching: Title + Repository URL + CWE matching
- Dry Run Support: Test operations without making changes
- Comprehensive Logging: Detailed progress and error reporting
- Error Recovery: Graceful handling of API failures and missing data
- Severity Reports: Generate detailed text reports of issues by severity and organization
- Group Processing: Process all organizations in a Snyk group with pagination
- Conflict Resolution: Automatically handle existing policies (409 conflicts)
- Python 3.10+
- Snyk API token
-
Clone or download the tool:
# Download the main script wget https://raw.githubusercontent.com/your-repo/snyk-ignore-transfer/main/snyk_ignore_transfer.py -
Install dependencies:
pip install requests pandas
-
Set up environment variables:
export SNYK_TOKEN="your_snyk_api_token"
# Standard workflow (match and ignore)
python3 snyk_ignore_transfer.py --org-id YOUR_ORG_ID --csv-file issues.csv
# Dry run to test
python3 snyk_ignore_transfer.py --org-id YOUR_ORG_ID --csv-file issues.csv --dry-run
# Direct ignore mode (skip CSV generation)
python3 snyk_ignore_transfer.py --org-id YOUR_ORG_ID --csv-file issues.csv --direct-ignore# Group processing (process all organizations in a group)
python3 snyk_ignore_transfer.py --group-id YOUR_GROUP_ID --csv-file issues.csv --dry-run
python3 snyk_ignore_transfer.py --group-id YOUR_GROUP_ID --csv-file issues.csv
# Review-only mode (generate CSV for review)
python3 snyk_ignore_transfer.py --org-id YOUR_ORG_ID --csv-file issues.csv --review-only
# Load pre-generated matches
python3 snyk_ignore_transfer.py --org-id YOUR_ORG_ID --matches-input snyk_matches_20240101_120000.csv
# Generate severity report
python3 snyk_ignore_transfer.py --org-id YOUR_ORG_ID --csv-file issues.csv --severity-report report.txt
# Custom configuration
python3 snyk_ignore_transfer.py \
--org-id YOUR_ORG_ID \
--csv-file issues.csv \
--snyk-region SNYK-EU-01 \
--ignore-reason "Custom reason for ignoring" \
--repo-url-field custom_repourl_field# Step 1: Generate matches for review
python3 snyk_ignore_transfer.py --org-id YOUR_ORG_ID --csv-file issues.csv --review-only
# Step 2: Review the generated CSV file
# Edit snyk_matches_YYYYMMDD_HHMMSS.csv as needed
# Step 3: Process the matches
python3 snyk_ignore_transfer.py --org-id YOUR_ORG_ID --matches-input snyk_matches_20240101_120000.csv# Skip CSV generation and go directly to ignoring
python3 snyk_ignore_transfer.py --org-id YOUR_ORG_ID --csv-file issues.csv --direct-ignore# Process all organizations in a Snyk group
python3 snyk_ignore_transfer.py --group-id YOUR_GROUP_ID --csv-file issues.csv --dry-run
python3 snyk_ignore_transfer.py --group-id YOUR_GROUP_ID --csv-file issues.csv# Generate detailed severity and organization report
python3 snyk_ignore_transfer.py --org-id YOUR_ORG_ID --csv-file issues.csv --severity-report report.txt| Variable | Required | Description |
|---|---|---|
SNYK_TOKEN |
Yes | Snyk API token for authentication |
| Option | Description | Default |
|---|---|---|
--org-id |
Snyk organization ID | Required (or use --group-id) |
--group-id |
Snyk group ID to process all orgs | Alternative to --org-id |
--csv-file |
CSV file with issues to match | Required for normal workflow |
--matches-input |
Pre-generated matches CSV | Alternative to --csv-file |
--direct-ignore |
Skip CSV generation | False |
--review-only |
Generate CSV for review only | False |
--dry-run |
Simulate without changes | False |
--severity-report |
Generate text report file | Optional |
--snyk-region |
Snyk API region | SNYK-US-01 |
--ignore-reason |
Reason for ignoring issues | "False positive identified via CSV analysis" |
--repo-url-field |
CSV field containing repo URL | repourl |
snyk_ignore_transfer.py # Main tool
README.md # This documentation
requirements.txt # Python dependencies
The tool matches Snyk issues with CSV data based on:
- Title - Issue title must contain CSV title/vulnerability text
- Repository URL - Must match exactly (if provided in CSV)
- CWE - Must match exactly (normalized format)
- False positive check - Skips CSV rows marked as false positives
The tool includes comprehensive error handling:
- Input validation - Checks all required arguments and data
- API error recovery - Graceful handling of Snyk API failures
- File validation - Checks CSV file format and required fields
- Environment validation - Verifies required environment variables
- Progress tracking - Detailed logging of operations and errors
The tool provides structured logging with different levels:
- Info - Normal operation progress
- Warning - Non-critical issues that don't stop execution
- Error - Critical issues that prevent operation
- Debug - Detailed debugging information (when --verbose is used)
| Workflow | Use Case | CSV Generation | Best For |
|---|---|---|---|
| Standard | Review and approve | Yes | Manual review process |
| Direct Ignore | Automated processing | No | CI/CD pipelines |
| Matches Input | Pre-generated matches | No | Batch processing |
| Group Processing | Multiple organizations | Yes | Enterprise-wide deployment |
| Severity Report | Analysis and reporting | Yes | Documentation and analysis |
-
Missing SNYK_TOKEN
Error: SNYK_TOKEN environment variable is requiredSolution: Set the environment variable with your Snyk API token
-
Invalid organization ID
Error: No code issues found in organizationSolution: Verify the organization ID is correct and has code issues
-
CSV file not found
Error: CSV file issues.csv not foundSolution: Check the file path and ensure the file exists
-
CSV parsing errors
Error: No CSV data loadedSolution: Check CSV file format and ensure it contains valid data
Use --verbose flag for detailed debugging information:
python3 snyk_ignore_transfer.py --org-id YOUR_ORG_ID --csv-file issues.csv --verboseThe tool is optimized for performance:
- Pagination handling - Efficiently processes large datasets
- Caching - Caches target information to reduce API calls
- Batch processing - Processes multiple issues efficiently
- Progress tracking - Shows progress for long-running operations
- Token security - Uses environment variables for sensitive data
- Input validation - Sanitizes all inputs to prevent injection
- Error handling - Prevents sensitive data from being logged
- Dry run mode - Test operations safely without making changes
For issues and questions:
- Check this documentation first
- Review the error messages and troubleshooting section
- Open an issue on GitHub with detailed error information
- Include the command used and any relevant log output
This project is licensed under the Apache License 2.0 - see the LICENSE file for details.
Contributions are welcome! Please:
- Fork the repository
- Create a feature branch
- Make your changes
- Add tests if applicable
- Submit a pull request