feat: add project tags for code test report flow

help/cli-commands/code-test.md

@@ -69,6 +69,26 @@ Set or override the remote URL for the repository.
 
 Example: `--remote-repo-url=https://gitlab.com/example/project` will create a target for given URL and on the UI it would be visible as `/example/project/` .
 
+### `--project-tags=<KEY>=<VALUE>[,<KEY>=<VALUE>]...`
+
+Use with `--report` to attach project tags when publishing Code results (file-based scan). Format is comma-separated `key=value` pairs. For allowable characters, see [Project tags](https://docs.snyk.io/snyk-admin/snyk-projects/project-tags).
+
+To clear all tags on the project when reporting, pass `--project-tags=` (empty value).
+
+**Note:** Only one of `--project-tags` or `--tags` may be set.
+
+### `--tags=<KEY>=<VALUE>[,<KEY>=<VALUE>]...`
+
+Alias for `--project-tags`.
+
+### Example: report with tags
+
+Scan the current directory and publish to the Snyk Web UI with tags and branch as the target reference:
+
+`snyk code test --report --project-name=my-code-project --project-tags=env=dev,team=platform --target-reference="$(git branch --show-current)" .`
+
+Use a real path instead of `.` when scanning another folder.
+
 ### `--org=<ORG_ID>`
 
 Specify the `<ORG_ID>`to run Snyk commands tied to a specific Snyk Organization. The `<ORG_ID>` influences private test limits.

package.json

@@ -64,7 +64,7 @@
     "@sentry/node": "^7.34.0",
     "@snyk/cli-interface": "2.15.0",
     "@snyk/cloud-config-parser": "^1.14.5",
-    "@snyk/code-client": "^4.23.5",
+    "@snyk/code-client": "^4.26.0",
     "@snyk/dep-graph": "^2.16.3",
     "@snyk/docker-registry-v2-client": "^2.24.1",
     "@snyk/error-catalog-nodejs-public": "^5.79.0",

src/lib/plugins/sast/analysis.ts

@@ -21,6 +21,7 @@ import {
 import { analysisProgressUpdate } from './utils';
 import { FeatureNotSupportedBySnykCodeError } from './errors';
 import { getProxyForUrl } from 'proxy-from-env';
+import { generateTags } from '../../../cli/commands/monitor';
 import { bootstrap } from 'global-agent';
 import chalk from 'chalk';
 import * as debugLib from 'debug';
@@ -210,6 +211,7 @@ async function getCodeAnalysis(
           targetName: options['target-name'],
           targetRef: options['target-reference'],
           remoteRepoUrl: options['remote-repo-url'],
+          tags: generateTags(options),
         },
       }),
       analysisContext,

src/lib/types.ts

@@ -89,6 +89,7 @@ export interface Options {
   quiet?: boolean;
   'fail-fast'?: boolean;
   tags?: string;
+  'project-tags'?: string;
   'target-reference'?: string;
   'exclude-base-image-vulns'?: boolean;
   'no-markdown'?: boolean;

test/jest/unit/snyk-code/snyk-code-test-report.spec.ts

@@ -118,6 +118,80 @@ describe('Test snyk code with --report', () => {
 
       expect(actual?.reportResults).toEqual(expectedReportResults);
     });
+
+    it('should pass project-tags to reportOptions when provided', async () => {
+      const tags = [
+        { key: 'env', value: 'prod' },
+        { key: 'team', value: 'security' },
+      ];
+
+      const reportOptions = {
+        enabled: true,
+        projectName: 'test-project-name',
+        targetName: 'test-target-name',
+        targetRef: 'test-target-ref',
+        remoteRepoUrl: 'https://github.com/owner/repo',
+        tags,
+      };
+
+      analyzeFoldersMock.mockResolvedValue(
+        sampleAnalyzeFoldersWithReportAndIgnoresResponse,
+      );
+
+      await getCodeTestResults(
+        '.',
+        {
+          path: '',
+          code: true,
+          report: true,
+          'project-name': reportOptions.projectName,
+          'target-name': reportOptions.targetName,
+          'target-reference': reportOptions.targetRef,
+          'remote-repo-url': reportOptions.remoteRepoUrl,
+          'project-tags': 'env=prod,team=security',
+        },
+        sastSettings,
+        'test-id',
+      );
+
+      expect(analyzeFoldersMock).toHaveBeenCalledWith(
+        expect.objectContaining({
+          reportOptions: expect.objectContaining({
+            enabled: true,
+            projectName: reportOptions.projectName,
+            tags,
+          }),
+        }),
+      );
+    });
+
+    it('should not include tags in reportOptions when project-tags is not provided', async () => {
+      analyzeFoldersMock.mockResolvedValue(
+        sampleAnalyzeFoldersWithReportAndIgnoresResponse,
+      );
+
+      await getCodeTestResults(
+        '.',
+        {
+          path: '',
+          code: true,
+          report: true,
+          'project-name': 'test-project',
+        },
+        sastSettings,
+        'test-id',
+      );
+
+      expect(analyzeFoldersMock).toHaveBeenCalledWith(
+        expect.objectContaining({
+          reportOptions: expect.objectContaining({
+            enabled: true,
+            projectName: 'test-project',
+            tags: undefined,
+          }),
+        }),
+      );
+    });
   });
 
   describe('SCM-based report flow - analyzeScmProject', () => {