Snyk
Use ca9 to add local Python reachability evidence to Snyk JSON output.
With test coverage
coverage run -m pytest
coverage json -o coverage.json
ca9 check snyk-report.json --repo . --coverage coverage.json --show-confidence
CI artifacts
ca9 check snyk-report.json --repo . -f sarif -o ca9.sarif
ca9 check snyk-report.json --repo . -f vex -o openvex.json
ca9 check snyk-report.json --repo . -f remediation -o remediation.json
For release gates, prefer --proof-standard strict.
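A release gate can read the `openvex.json` artifact and refuse to ship when any statement is still open. The script below is an added example, not part of ca9 or its documentation. It assumes the file follows the OpenVEX statement layout; the `gate` function name and the sample document are constructed for illustration.

```python
import json
import sys

# Constructed sample in OpenVEX v0.2.0 shape; not real ca9 output.
SAMPLE_VEX = json.loads("""
{"@context": "https://openvex.dev/ns/v0.2.0",
 "statements": [
  {"vulnerability": {"name": "EXAMPLE-VULN-1"},
   "products": [{"@id": "pkg:pypi/example-lib@1.0.0"}],
   "status": "not_affected",
   "justification": "vulnerable_code_not_in_execute_path"},
  {"vulnerability": {"name": "EXAMPLE-VULN-2"},
   "products": [{"@id": "pkg:pypi/example-web@2.3.1"}],
   "status": "affected"},
  {"vulnerability": {"name": "EXAMPLE-VULN-3"},
   "products": [{"@id": "pkg:pypi/example-yaml@0.9"}],
   "status": "not_affected"}
 ]}
""")

BLOCKING = {"affected", "under_investigation"}

def gate(vex):
    """Return (vulnerability, product, reason) for every statement that blocks a release."""
    findings = []
    for st in vex.get("statements", []):
        name = st.get("vulnerability", {}).get("name", "<unnamed>")
        status = st.get("status")
        products = [p.get("@id", "<unknown>") if isinstance(p, dict) else str(p)
                    for p in st.get("products", [])] or ["<none>"]
        if status in BLOCKING:
            reason = f"status={status}"
        elif status == "not_affected" and not (st.get("justification") or st.get("impact_statement")):
            # OpenVEX requires a justification or impact statement for not_affected.
            reason = "not_affected without justification"
        elif status not in {"not_affected", "fixed"}:
            reason = f"unrecognised status {status!r}"
        else:
            continue
        findings.extend((name, p, reason) for p in products)
    return findings

if __name__ == "__main__":
    # Pass the path to openvex.json; with no argument the constructed sample is used.
    vex = json.load(open(sys.argv[1])) if len(sys.argv) > 1 else SAMPLE_VEX
    blocked = gate(vex)
    for name, product, reason in blocked:
        print(f"BLOCK {name} {product}: {reason}")
    sys.exit(1 if blocked else 0)
```

A non-zero exit fails the CI step, so an unjustified `not_affected` claim blocks the release the same way an `affected` one does.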