Merge pull request #129 from snyk-labs/chore/deprecation_notice

Migration Docs
snyk-labs · Aug 8, 2023 · 5187ec2 · 5187ec2
2 parents 9172fc5 + b42b39c
commit 5187ec2
Show file tree

Hide file tree

Showing 2 changed files with 60 additions and 2 deletions.
diff --git a/Migration_Guide.md b/Migration_Guide.md
@@ -0,0 +1,52 @@
+This guide aims to ease up the transition between working with the deprecated snyk-scm-refresh tool and the snyk-api-import tool.
+
+# Some Differences
+## Language
+snyk-scm-refresh was written in `Python` whereas snyk-api-import is written in `Typescript`
+
+snyk-scm-refresh was ran using either `Python` or a standalone executable whereas snyk-api-import can be run using `npm or yarn` or a standalone executable. Please refer to [Snyk's Public Documentation](https://docs.snyk.io/snyk-api-info/other-tools/tool-snyk-api-import#installation) for more information. 
+
+# Migration
+
+## Detecting and Importing New Manifests from a monitored repository
+Use Snyk-API-Import tool's `import` command following the [Kicking off an Import Section](https://github.com/snyk-tech-services/snyk-api-import/blob/master/docs/import.md). The recommendation is to run this tool on a cronjob or on an event trigger to kick off the re-importing of repos into Snyk, which will detect and import the new manifests. 
+
+Alternatively, use the Snyk-API-Import tool's `sync` command following the [Sync: detecting changes in monitored repos and updating Snyk projects Section](https://github.com/snyk-tech-services/snyk-api-import/blob/master/docs/sync.md). Any manifests that do not already exist in Snyk will be imported into Snyk using this `sync` command. (Note: by default, the sync command will only detect and sync changes in manifest files supported by Snyk Opensource. To sync files for other Snyk products, specify the appropriate Snyk product using the `--snykProduct` flag). 
+
+### Expected Result 
+The result will be the addition of the new manifest files within Snyk.
+
+## Removing Projects for manifests that no longer exist within a monitored repository
+Use the Snyk-API-Import tool's `sync` command following the [Sync: detecting changes in monitored repos and updating Snyk projects Section](https://github.com/snyk-tech-services/snyk-api-import/blob/master/docs/sync.md). Any manifests that no longer exist will be **deactivated** in Snyk and not **deleted**. Unlike Deletion, Deactivation will ensure that the historical data for that manifest file will remain in Snyk, whereas a Deletion will lead to permanent data loss for the deleted manifest file(s). (Note: by default, the sync command will only detect and sync changes in manifest files supported by Snyk Opensource. To sync files for other Snyk products, specify the appropriate Snyk product using the `--snykProduct` flag). 
+
+### Expected Result
+The result will be the deactivation of the removed manifest file(s) within Snyk. Note: You will have to delete the deactivated projects if you wish to completely remove them from Snyk, which will result in the permanent loss of data for these projects. 
+
+## Detect and update manifest file name changes and/or movement within a monitored repository (Rename or moving a manifest file within a monitored repository)
+Use the Snyk-API-Import tool's `sync` command following the [Sync: detecting changes in monitored repos and updating Snyk projects Section](https://github.com/snyk-tech-services/snyk-api-import/blob/master/docs/sync.md). If an imported repo's manifest file is re-named or moved, any manifest files previously imported will become broken projects in Snyk and therefore deactivated by sync command. However, the sync command will also properly re-import the repo with the appropriate repo name change along with a reimport of the files to properly follow the new repo name. 
+
+### Expected Result
+The result will be the deactivation of the projects created during initial import, but a re-import job will trigger, resulting in displaying the projects with the correct name/path. Note: You will have to delete any deactivated projects if you wish to completely remove them from Snyk, which will result in the permanent loss of data for these projects. 
+
+## Detect and update default branch for a monitored repository (Rename or Switching to Another Branch)
+Use the Snyk-API-Import tool's `sync` command following the [Sync: detecting changes in monitored repos and updating Snyk projects Section](https://github.com/snyk-tech-services/snyk-api-import/blob/master/docs/sync.md). If an imported repo's default branch is re-named, any manifest files previously imported will become broken projects in Snyk and therefore deactivated by sync command. However, the sync command will also properly re-import the repo with the appropriate repo name change along with a reimport of the files to properly follow the new repo name. 
+
+### Expected Result
+The result will be the deactivation of the projects created during initial import, but a re-import job will trigger, resulting in displaying the projects with the renamed default branch. 
+
+## Detect whether a monitored repo has been archived
+Use the Snyk-API-Import tool's `sync` command following the [Sync: detecting changes in monitored repos and updating Snyk projects Section](https://github.com/snyk-tech-services/snyk-api-import/blob/master/docs/sync.md). If an monitored repo is deactivated, the `sync` command will deactivate the projects within Snyk. 
+
+### Expected Result
+The result will be the deactivation of the projects within Snyk.
+
+## Handling of Large Repositories
+For sufficiently large repositories, though, Github truncates the API response. When a truncated Github response is detected, this tool will perform a shallow clone of the repository's default branch.
+
+### Expected Result
+The result will be the successful import of large repositories
+
+## Detect deleted repos 
+Today this is not supported by the snyk-api-import tool. Please refer to this [section](https://github.com/snyk-tech-services/snyk-api-import/blob/master/docs/sync.md#known-limitations) for understanding known limitations. 
+
+
diff --git a/README.md b/README.md
@@ -3,12 +3,18 @@
 ![snyk-oss-category](https://github.com/snyk-labs/oss-images/blob/main/oss-community.jpg)
 
 # snyk-scm-refresh
-[![Known Vulnerabilities](https://snyk.io/test/github/snyk-labs/snyk-scm-refresh/badge.svg)](https://snyk.io/test/github/snyk-labs/snyk-scm-refresh) ![ci](https://github.com/snyk-labs/snyk-scm-refresh/actions/workflows/ci.yml/badge.svg)
-<blockquote>
+[![Known Vulnerabilities](https://snyk.io/test/github/snyk-labs/snyk-scm-refresh/badge.svg)](https://snyk.io/test/github/snyk-labs/snyk-scm-refresh) ![ci](https://github.com/snyk-labs/snyk-scm-refresh/actions/workflows/ci.yml/badge.svg) 
+
+# ⛔️ DEPRECATED 
+
+**This repository is now deprecated. Please make use of the <a href="https://github.com/snyk-tech-services/snyk-api-import">snyk-api-import-tool</a> instead of snyk-scm-refresh. The snyk-api-import tool benefits from longer-term support and covers the majority of use cases that scm-refresh does. You can follow the <a href="Migration_Guide.md">migration guide </a> to help you make the translation. This repo will be archived as of October 1st 2023.**
+
+<!---blockquote>
 <g-emoji class="g-emoji" alias="warning" fallback-src="https://github.githubassets.com/images/icons/emoji/unicode/26a0.png">⚠️</g-emoji> <strong>NOTE:</strong>
 We highly reccomend making use of the <a href="https://github.com/snyk-tech-services/snyk-api-import">api-import-tool</a> instead of snyk-scm-refresh. The API import tool benefits from longer-term support and covers the majority of use cases that scm-refresh does.
 </blockquote>
 <br/>
+<--->
 
 ### Description