@bdougie
Collaborator

@bdougie bdougie commented Sep 30, 2025

Summary

This PR fixes authentication issues in the Snyk MCP Continue cookbook by adding proper Snyk CLI setup instructions and GitHub Actions token configuration.

Changes

  • Added Snyk CLI installation and authentication steps to prerequisites section

    • Instructions to install Snyk CLI with npm install -g snyk
    • Command to authenticate locally with snyk auth
    • Note highlighting that Snyk CLI must be authenticated before using the agent
  • Updated GitHub Actions workflow configuration

    • Added SNYK_TOKEN to the list of required GitHub secrets
    • Added SNYK_TOKEN environment variable to all security scanning workflow steps
    • Updated authentication documentation for CI/CD environments
  • Fixed misleading comment

    • Changed "# TUI mode" to "# Headless mode" for command using -p flag with --auto

Why these changes are needed

The cookbook would fail without proper Snyk authentication:

  1. Local development requires authenticated Snyk CLI for the MCP to work
  2. CI/CD pipelines need SNYK_TOKEN environment variable for headless execution
  3. Users were missing critical setup steps that would cause the agent to fail

Testing

  • Verified Snyk CLI authentication steps work locally
  • Tested GitHub Actions workflow with SNYK_TOKEN configured
  • Confirmed agent executes security scans successfully with these changes

Generated with Continue

Co-Authored-By: Continue [email protected]


Summary by cubic

Adds Snyk CLI install/auth instructions and requires SNYK_TOKEN in CI for the Snyk MCP Continue cookbook, ensuring local and headless scans work. Also clarifies headless mode examples with the --auto flag and fixes a misleading comment.

  • Migration
    • Install Snyk CLI and run snyk auth locally.
    • Add SNYK_TOKEN as a GitHub Actions secret and pass it to scan/report steps.
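
The two authentication paths this PR describes (SNYK_TOKEN in CI, `snyk auth` locally) can be checked before a scan step runs, so a missing credential fails fast with a clear message. This is an added example, not code from the PR or the cookbook; the helper names `snyk_auth_source` and `require_snyk_auth` are hypothetical, and it assumes the Snyk CLI keeps the locally stored token under the config key `api`.

```sh
#!/bin/sh
# Added example: report how a Snyk scan step would authenticate.
# Helper names are hypothetical; the token value is never printed.

# Prints one of: env-token | local-config | none
snyk_auth_source() {
  # CI / headless: the token arrives through the SNYK_TOKEN environment
  # variable, populated from a GitHub Actions secret.
  if [ -n "${SNYK_TOKEN:-}" ]; then
    echo "env-token"
    return 0
  fi
  # Local development: `snyk auth` stores a token in the CLI's own config.
  # Assumption: it is readable with `snyk config get api`.
  if command -v snyk >/dev/null 2>&1; then
    if [ -n "$(snyk config get api 2>/dev/null)" ]; then
      echo "local-config"
      return 0
    fi
  fi
  echo "none"
  return 1
}

# Call this at the top of a scan step; returns non-zero when no
# credential is available, and logs only the source, not the secret.
require_snyk_auth() {
  if ! _src="$(snyk_auth_source)"; then
    echo "Snyk not authenticated: set SNYK_TOKEN (CI) or run 'snyk auth' (local)" >&2
    return 1
  fi
  echo "Snyk auth source: ${_src}" >&2
  return 0
}
```
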

- Add Snyk CLI installation and local authentication steps to prerequisites
- Include SNYK_TOKEN in GitHub Actions workflow for CI/CD authentication
- Add SNYK_TOKEN environment variable to all security scanning steps
- Update authentication documentation to clarify token requirements
- Fix misleading TUI mode comment for headless command example

These changes ensure the cookbook will work correctly by requiring users to:
1. Authenticate Snyk CLI locally with 'snyk auth' before using the agent
2. Configure SNYK_TOKEN secret in GitHub Actions for CI/CD pipelines

Generated with [Continue](https://continue.dev)

Co-Authored-By: Continue <[email protected]>
@bdougie bdougie marked this pull request as ready for review September 30, 2025 20:48
@bdougie bdougie requested a review from a team as a code owner September 30, 2025 20:48
@bdougie bdougie requested review from Patrick-Erichsen and removed request for a team September 30, 2025 20:48
@dosubot dosubot bot added the size:M This PR changes 30-99 lines, ignoring generated files. label Sep 30, 2025
@github-actions

github-actions bot commented Sep 30, 2025

✅ Review Complete

⚠️ AI review completed but no review output was generated.

Likely cause: Expired CONTINUE_API_KEY or missing continuedev/review-bot assistant

📋 View workflow logs for details.


@github-project-automation github-project-automation bot moved this from Todo to In Progress in Issues and PRs Sep 30, 2025
@dosubot dosubot bot added the lgtm This PR has been approved by a maintainer label Sep 30, 2025
@BekahHW BekahHW merged commit 7fe65e5 into main Sep 30, 2025
62 of 65 checks passed
@github-project-automation github-project-automation bot moved this from In Progress to Done in Issues and PRs Sep 30, 2025
@BekahHW BekahHW deleted the bdougie/working-snyk-cookbook branch September 30, 2025 20:53
@github-actions github-actions bot locked and limited conversation to collaborators Sep 30, 2025
@sestinj
Contributor

sestinj commented Oct 1, 2025

🎉 This PR is included in version 1.24.0 🎉

The release is available on:

Your semantic-release bot 📦🚀

@sestinj
Contributor

sestinj commented Oct 1, 2025

🎉 This PR is included in version 1.21.0 🎉

The release is available on:

Your semantic-release bot 📦🚀

@sestinj
Contributor

sestinj commented Oct 15, 2025

🎉 This PR is included in version 1.2.0 🎉

The release is available on:

Your semantic-release bot 📦🚀


Labels

lgtm This PR has been approved by a maintainer released size:M This PR changes 30-99 lines, ignoring generated files.

Projects

Status: Done
