fix: use correct projectName in container monitor JSON output #6343
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
bgardiner
force-pushed
the
fix/container-monitor-json-projectname
branch
2 times, most recently
from
0323e7e to
6d0e892
Compare
The projectName field in 'snyk container monitor --json' output was incorrectly set to monitorResult.id (the monitor's public ID) instead of monitorResult.projectName (the actual project name). This caused the JSON output to display a UUID instead of the project's display name (e.g., the image name or --project-name value). Changes: - Fixed src/lib/ecosystems/monitor.ts line 214 to use monitorResult.projectName - Added unit test with mocked registry response to validate the fix - Updated acceptance tests with correct expected projectName values
bgardiner
force-pushed
the
fix/container-monitor-json-projectname
branch
from
192702e to
48e3995
Compare
adrobuta
reviewed
Dec 5, 2025
| data: monOutput, | ||
| path: monitorResult.path, | ||
| projectName: monitorResult.id, | ||
| projectName: monitorResult.projectName, |
Contributor
There was a problem hiding this comment.
changes look good. I have only one question, do you think having the a non unique project name reported for base image/ application project could break any automation around the json output?
Current behavior: json output for node:lates
cat json_output | jq '.[].projectName' "bae0b739-9d1c-4e04-99ac-3e7af3faa271" "73e39537-0bf5-45ed-9621-06d83dc9d69f"
the projectName will be same for both projects
Contributor
Author
There was a problem hiding this comment.
It should not actually be the same projectName for both projects. One will have a target file appended. For example, when setting --project-name=brians_project on a container with a JS application, there are two different projects created:
brians_project:/usr/lib/node_modules(JS app)brians_project(base image)
adrobuta
approved these changes
Dec 5, 2025
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Summary
The
projectNamefield in the JSON output ofsnyk container monitor --jsoncontains the monitor's public ID (UUID) instead of the actual project name.Changes
File:
src/lib/ecosystems/monitor.tsChanged line 214 from:
to:
Root Cause
The registry correctly returns
projectName: project.namein theMonitorDependenciesResponse, but the CLI was overwriting it withmonitorResult.idwhen building the JSON output.Breaking Change Consideration
This is changing the JSON response of a CLI command, so it should be assessed for breaking change. I do NOT think it qualifies as a breaking change. The return type (string) and field key remain the same. The previous field value returned something completely unusable by the user (the monitor's public ID), as there is no public API call that references the monitor ID. This corrects a bug and should NOT negatively impact customer's existing use of the monitor command.
Steps to Reproduce (before fix)
Output before fix:
Expected output after fix:
projectNameshould contain the project's display name (e.g., automatically determined value from the image name or the value passed via--project-name).