From d62e30c42b8b397fce7bd1ef6f660fdf03aaf18d Mon Sep 17 00:00:00 2001 From: Liran Tal Date: Wed, 2 Jan 2019 13:24:12 +0200 Subject: [PATCH 1/2] fix: typos and grammar cleanup --- README.md | 14 ++++---------- help/help.txt | 2 +- 2 files changed, 5 insertions(+), 11 deletions(-) diff --git a/README.md b/README.md index 3117380e48..94699ccac2 100644 --- a/README.md +++ b/README.md @@ -1,6 +1,6 @@ ![Snyk logo](https://snyk.io/style/asset/logo/snyk-print.svg) -*** +--- [![Known Vulnerabilities](https://snyk.io/test/npm/snyk/badge.svg)](https://snyk.io/test/npm/snyk) @@ -36,8 +36,8 @@ Run `snyk --help` to get a quick overview of all commands or for full details on The package argument is optional. If no package is given, Snyk will run the command against the current working directory allowing you test you non-public applications. - ## Features + - **Find** known vulnerabilities by running `snyk test` on a project either as a one off or as part of your CI process. - **Fix** vulnerabilities using `snyk wizard` and `snyk protect`. - `snyk wizard` walks you through finding and fixing known vulnerabilities in your project. Remediation options include configuring your policy file to update, auto patch and ignore vulnerabilities. (npm only) @@ -45,14 +45,12 @@ The package argument is optional. If no package is given, Snyk will run the comm - **Alert** `snyk monitor` records the state of dependencies and any vulnerabilities on snyk.io so you can be alerted when new vulnerabilities or updates/patches are disclosed that affect your repositories. - **Prevent** new vulnerable dependencies from being added to your project by running `snyk test` as part of your CI to fail tests when vulnerable Node.js or Ruby dependencies are added. - ## Docker Snyk is also provided as a set of Docker images that carry the runtime environment of each package manager. For example, the npm image will carry all of the needed setup to run `npm install` on the currently running container. Currently there are images for npm, Ruby, Maven, Gradle and SBT. The images can perform `snyk test` by default on the specified project which is mounted to the container as a read/write volume, and `snyk monitor` if the `MONITOR` environment variable is set when running the docker container. When running `snyk monitor` with the `GENERATE_REPORT` environment variable set, an HTML file called `snyk_report.html` and a CSS file called `snyk_report.css` will be generated. The image also writes a file called `snyk-res.json` for internal use and `snyk-error.log` for errors that we can look at if something goes wrong. - The following environment variables can be used when running the container on docker: - `SNYK_TOKEN` - Snyk API token, obtained from [https://snyk.io/account](https://snyk.io/account). @@ -68,9 +66,9 @@ The general format of tags is [snyk-version]-[package-manager]-[package-manager- [package-manager] - One of the available package managers (e.g: npm, mvn, gradle, etc...). [package-manager-version] - The version of the package manager that is installed inside the image. -Please see the following examples on how to run Snyk inside docker: +Please see the following examples on how to run Snyk inside docker: -### NodeJS (npm) +### Node.js (npm) We will need to mount the project root folder when running the image so that Snyk can access the code within the container. The host project folder will be mounted to `/project` on the container and will be used to read the dependencies file and write results for CI builds. Here's an example of running `snyk test` and `snyk monitor` in the image (with the latest version of Snyk) for npm: @@ -117,7 +115,6 @@ We will need to mount the project root folder when running the image so that Sny NOTE: the `dependency-tree` module is required for `snyk` to process Scala projects. Use [version 0.8.2](https://github.com/jrudolph/sbt-dependency-graph/tree/v0.8.2) for SBT 0.13.16 and [version 0.9.0](https://github.com/jrudolph/sbt-dependency-graph/tree/v0.9.0) for version SBT 1.0.4. - ``` docker run -it -e "SNYK_TOKEN=" @@ -192,7 +189,4 @@ Markdown: [![Known Vulnerabilities](https://snyk.io/package/npm/name/badge.svg)](https://snyk.io/package/npm/name) ``` - [![Analytics](https://ga-beacon.appspot.com/UA-69111857-2/Snyk/snyk?pixel)](https://snyk.io/) - - diff --git a/help/help.txt b/help/help.txt index 86eb2ae491..a2301d40f3 100644 --- a/help/help.txt +++ b/help/help.txt @@ -5,7 +5,7 @@ Usage: The package argument is optional. If no package is given, Snyk will run the command against the current working directory allowing you -test you non-public applications. +to test your non-public applications. Commands: From c903a43930239065864bd9f6440ea890d8b617b6 Mon Sep 17 00:00:00 2001 From: Liran Tal Date: Wed, 2 Jan 2019 13:26:49 +0200 Subject: [PATCH 2/2] fix: use consistent word style --- SECURITY.md | 13 ++++++------- 1 file changed, 6 insertions(+), 7 deletions(-) diff --git a/SECURITY.md b/SECURITY.md index b317e67f6b..721a9df983 100644 --- a/SECURITY.md +++ b/SECURITY.md @@ -1,6 +1,6 @@ # Reporting Security Issues -We at snyk value the security community and believe that responsible disclosure of security vulnerabilities in open source packages helps us ensure the security and privacy of the users. +We at Snyk value the security community and believe that responsible disclosure of security vulnerabilities in open source packages helps us ensure the security and privacy of the users. If you believe you have found a security vulnerability on Snyk, we encourage you to let us know right away. We will investigate all legitimate reports and do our best to quickly fix the problem. Before reporting though, please review our responsible disclosure policy, and those things that should not be reported. @@ -8,15 +8,14 @@ Submit your report to security@snyk.io (one issue per report) and respond to the Report security bugs in third-party modules to the person or team maintaining the module. You can also report a vulnerability through our [Snyk Vulnerability Disclosure](https://docs.google.com/a/snyk.io/forms/d/e/1FAIpQLSemwgWZ0JgK1ZULKhy9DZCQ5KulbLEldvmokAuRtt-_nrqNlA/viewform) program. - ### Responsible Disclosure Policy We ask that: -* You give us reasonable time to investigate and mitigate an issue you report before making public any information about the report or sharing such information with others. -* You do not interact with an individual account (which includes modifying or accessing data from the account) if the account owner has not consented to such actions. -* You make a good faith effort to avoid privacy violations and disruptions to others, including (but not limited to) destruction of data and interruption or degradation of our services. -* You do not exploit a security issue you discover for any reason. (This includes demonstrating additional risk, such as attempted compromise of sensitive company data or probing for additional issues). -* You do not violate any other applicable laws or regulations. +- You give us reasonable time to investigate and mitigate an issue you report before making public any information about the report or sharing such information with others. +- You do not interact with an individual account (which includes modifying or accessing data from the account) if the account owner has not consented to such actions. +- You make a good faith effort to avoid privacy violations and disruptions to others, including (but not limited to) destruction of data and interruption or degradation of our services. +- You do not exploit a security issue you discover for any reason. (This includes demonstrating additional risk, such as attempted compromise of sensitive company data or probing for additional issues). +- You do not violate any other applicable laws or regulations. Find out more about our [security policy](https://snyk.io/docs/security) and [Bug Bounty program](https://snyk.io/docs/security#snyk-s-vulnerability-disclosure-program)