feat: add uv support to sbom command #6468
Merged
+165
−11
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
thomasschafer
force-pushed
the
feat/add-uv-support-to-snyk-sbom
branch
9 times, most recently
from
772fbde to
abf5004
Compare
klesniewski
approved these changes
Jan 27, 2026
snyk-tim
reviewed
Jan 27, 2026
snyk-tim
reviewed
Jan 27, 2026
thomasschafer
force-pushed
the
feat/add-uv-support-to-snyk-sbom
branch
2 times, most recently
from
b97a18e to
cbef593
Compare
snyk-tim
approved these changes
Jan 27, 2026
thomasschafer
force-pushed
the
feat/add-uv-support-to-snyk-sbom
branch
from
cbef593 to
eef6ff6
Compare
test/acceptance/fake-server.ts
Outdated
| .send(`{"errors":[{"title":"Bad Request","detail":"invalid SBOM"}]}`); | ||
| } | ||
|
|
||
| if (req.params.orgId === '55555555-5555-5555-5555-555555555555') { |
Contributor
There was a problem hiding this comment.
Suggestion: In your tests you can set the response instead of hardcoding it in the fakeserver, for example take a look at setEndpointResponse()
Contributor
Author
There was a problem hiding this comment.
Ah I didn't know that was possible - done
| SNYK_API: 'http://localhost:' + port + baseApi, | ||
| SNYK_HOST: 'http://localhost:' + port, | ||
| SNYK_TOKEN: '123456789', | ||
| SNYK_DISABLE_ANALYTICS: '1', |
Contributor
There was a problem hiding this comment.
Suggestion: Ensure to set SNYK_HTTP_PROTOCOL_UPGRADE=0 to avoid issues.
PeterSchafer
approved these changes
Jan 28, 2026
Contributor
PeterSchafer
left a comment
PeterSchafer
left a comment
There was a problem hiding this comment.
Approving with minor improvement suggestions.
thomasschafer
force-pushed
the
feat/add-uv-support-to-snyk-sbom
branch
6 times, most recently
from
3a09f2d to
1d0af42
Compare
thomasschafer
force-pushed
the
feat/add-uv-support-to-snyk-sbom
branch
from
1d0af42 to
e82c7a0
Compare
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Pull Request Submission Checklist
are release-note ready, emphasizing
what was changed, not how.
What does this PR do?
This PR adds uv support to
snyk sbom. Note that this feature is not yet in Closed Beta, and requires a feature flag to be enabled.How should this be manually tested?
Turn on the
enableUvCLIfeature flag, and then build the CLI on this branch. Then run<path/to/local/cli> sbom, optionally with--all-projects. If there is auv.lockpresent, you should see an SBOM generated as expected for that uv project.What's the product update that needs to be communicated to CLI users?
None