Merge pull request #37 from snyk/feat/add-legacy-json-org

feat: include organization slug in the legacy JSON output

Author: bsalomon-snyk

internal/commands/ostest/__snapshots__/sbom_reachability_flow_test.snap

@@ -21,7 +21,7 @@
   "severities": null
  },
  "ok": false,
- "org": "",
+ "org": "test-org-slug",
  "packageManager": "",
  "policy": "",
  "projectName": "",

internal/commands/ostest/depgraph_flow.go

@@ -28,6 +28,7 @@ func RunUnifiedTestFlow(
 	riskScoreThreshold *uint16,
 	severityThreshold *testapi.Severity,
 	orgID string,
+	orgSlugOrID string,
 	errFactory *errors.ErrorFactory,
 	logger *zerolog.Logger,
 ) ([]workflow.Data, error) {
@@ -46,6 +47,7 @@ func RunUnifiedTestFlow(
 		ictx,
 		testClient,
 		orgID,
+		orgSlugOrID,
 		errFactory,
 		logger,
 		localPolicy,
@@ -65,6 +67,7 @@ func testAllDepGraphs(
 	ictx workflow.InvocationContext,
 	testClient testapi.TestClient,
 	orgID string,
+	orgSlugOrID string,
 	errFactory *errors.ErrorFactory,
 	logger *zerolog.Logger,
 	localPolicy *testapi.LocalPolicy,
@@ -92,7 +95,7 @@ func testAllDepGraphs(
 		// Run the test with the depgraph subject
 		legacyFinding, outputData, err := RunTest(
 			ctx, ictx, testClient, subject, projectName, packageManager, depCount,
-			displayTargetFile, orgID, errFactory, logger, localPolicy)
+			displayTargetFile, orgID, orgSlugOrID, errFactory, logger, localPolicy)
 		if err != nil {
 			return nil, nil, err
 		}

internal/commands/ostest/sbom_reachability_flow.go

@@ -26,6 +26,7 @@ func RunSbomReachabilityFlow(
 	sourceCodePath string,
 	bsClient bundlestore.Client,
 	orgID string,
+	orgSlugOrID string,
 ) ([]workflow.Data, error) {
 	if sourceCodePath == "" {
 		sourceCodePath = "."
@@ -68,7 +69,7 @@ func RunSbomReachabilityFlow(
 		return nil, fmt.Errorf("failed to create sbom test reachability subject: %w", err)
 	}
 
-	findings, summary, err := RunTest(ctx, ictx, testClient, subject, "", "", int(0), "", orgID, errFactory, logger, nil)
+	findings, summary, err := RunTest(ctx, ictx, testClient, subject, "", "", int(0), "", orgID, orgSlugOrID, errFactory, logger, nil)
 	if err != nil {
 		return nil, err
 	}

internal/commands/ostest/sbom_reachability_flow_test.go

@@ -37,6 +37,7 @@ func Test_RunSbomReachabilityFlow_Success(t *testing.T) {
 	sbomPath := "./testdata/bom.json"
 	sourceCodePath := "./testdata/test_dir"
 	orgID := "test-org-id"
+	orgSlug := "test-org-slug"
 
 	vulnTime, err := time.Parse(time.RFC3339, "2025-07-28T17:11:43+03:00")
 	require.NoError(t, err)
@@ -156,14 +157,15 @@ func Test_RunSbomReachabilityFlow_Success(t *testing.T) {
 	mockBsClient.EXPECT().UploadSBOM(ctx, sbomPath).Return("test-sbom-hash", nil).Times(1)
 	mockBsClient.EXPECT().UploadSourceCode(ctx, sourceCodePath).Return("test-source-hash", nil).Times(1)
 
-	// Mock Invocation COntext
+	// Mock Invocation Context
 	mockConfig := configuration.New()
 	mockConfig.Set(outputworkflow.OutputConfigKeyJSON, true)
+	mockConfig.Set(configuration.ORGANIZATION_SLUG, orgSlug)
 	mockIctx := gafmocks.NewMockInvocationContext(ctrl)
-	mockIctx.EXPECT().GetConfiguration().Return(mockConfig).Times(1)
+	mockIctx.EXPECT().GetConfiguration().Return(mockConfig).AnyTimes()
 
 	// This should now succeed with proper finding data
-	result, err := ostest.RunSbomReachabilityFlow(ctx, mockIctx, mockTestClient, ef, &logger, sbomPath, sourceCodePath, mockBsClient, orgID)
+	result, err := ostest.RunSbomReachabilityFlow(ctx, mockIctx, mockTestClient, ef, &logger, sbomPath, sourceCodePath, mockBsClient, orgID, orgSlug)
 
 	require.NoError(t, err)
 	require.NotNil(t, result)

internal/commands/ostest/test_execution.go

@@ -43,6 +43,7 @@ func RunTest(
 	depCount int,
 	displayTargetFile string,
 	orgID string,
+	orgSlugOrID string,
 	errFactory *errors.ErrorFactory,
 	logger *zerolog.Logger,
 	localPolicy *testapi.LocalPolicy,
@@ -71,6 +72,7 @@ func RunTest(
 	legacyParams := &transform.SnykSchemaToLegacyParams{
 		Findings:          findingsData,
 		TestResult:        finalResult,
+		OrgSlugOrID:       orgSlugOrID,
 		ProjectName:       projectName,
 		PackageManager:    packageManager,
 		CurrentDir:        currentDir,

internal/commands/ostest/workflow.go

@@ -78,6 +78,7 @@ func setupSBOMReachabilityFlow(
 	ictx workflow.InvocationContext,
 	testClient testapi.TestClient,
 	orgID string,
+	orgSlugOrID string,
 	errFactory *errors.ErrorFactory,
 	logger *zerolog.Logger,
 	sbom, sourceDir string,
@@ -104,7 +105,7 @@ func setupSBOMReachabilityFlow(
 	)
 
 	bsClient := bundlestore.NewClient(ictx.GetNetworkAccess().GetHttpClient(), codeScannerConfig, cScanner, logger)
-	return RunSbomReachabilityFlow(ctx, ictx, testClient, errFactory, logger, sbom, sourceDir, bsClient, orgID)
+	return RunSbomReachabilityFlow(ctx, ictx, testClient, errFactory, logger, sbom, sourceDir, bsClient, orgID, orgSlugOrID)
 }
 
 // setupDefaultTestFlow sets up and runs the default test flow with risk score and severity thresholds.
@@ -113,6 +114,7 @@ func setupDefaultTestFlow(
 	ictx workflow.InvocationContext,
 	testClient testapi.TestClient,
 	orgID string,
+	orgSlugOrID string,
 	errFactory *errors.ErrorFactory,
 	logger *zerolog.Logger,
 	riskScoreThreshold int,
@@ -151,7 +153,7 @@ func setupDefaultTestFlow(
 		severityThresholdPtr = &st
 	}
 
-	return RunUnifiedTestFlow(ctx, ictx, testClient, riskScorePtr, severityThresholdPtr, orgID, errFactory, logger)
+	return RunUnifiedTestFlow(ctx, ictx, testClient, riskScorePtr, severityThresholdPtr, orgID, orgSlugOrID, errFactory, logger)
 }
 
 // OSWorkflow is the entry point for the Open Source Test workflow.
@@ -195,6 +197,12 @@ func OSWorkflow(
 		return nil, errFactory.NewEmptyOrgError()
 	}
 
+	orgSlugOrID := config.GetString(configuration.ORGANIZATION_SLUG)
+	if orgSlugOrID == "" {
+		logger.Info().Msg("No organization slug provided; using organization ID.")
+		orgSlugOrID = orgID
+	}
+
 	// Create Snyk client
 	httpClient := ictx.GetNetworkAccess().GetHttpClient()
 	snykClient := snykclient.NewSnykClient(httpClient, ictx.GetConfiguration().GetString(configuration.API_URL), orgID)
@@ -212,8 +220,8 @@ func OSWorkflow(
 	// Route to the appropriate flow based on flags
 	switch {
 	case sbomReachabilityTest:
-		return setupSBOMReachabilityFlow(ctx, ictx, testClient, orgID, errFactory, logger, sbom, sourceDir)
+		return setupSBOMReachabilityFlow(ctx, ictx, testClient, orgID, orgSlugOrID, errFactory, logger, sbom, sourceDir)
 	default:
-		return setupDefaultTestFlow(ctx, ictx, testClient, orgID, errFactory, logger, riskScoreThreshold)
+		return setupDefaultTestFlow(ctx, ictx, testClient, orgID, orgSlugOrID, errFactory, logger, riskScoreThreshold)
 	}
 }

internal/commands/ostest/workflow_test.go

@@ -248,6 +248,7 @@ func createMockInvocationCtxWithURL(t *testing.T, ctrl *gomock.Controller, engin
 	mockConfig := configuration.New()
 	mockConfig.Set(configuration.AUTHENTICATION_TOKEN, "<SOME API TOKEN>")
 	mockConfig.Set(configuration.ORGANIZATION, uuid.New().String())
+	mockConfig.Set(configuration.ORGANIZATION_SLUG, "some-org")
 	mockConfig.Set(configuration.API_URL, mockServerURL)
 
 	// Initialize with default values for our flags

internal/legacy/transform/transform.go

@@ -24,6 +24,7 @@ const (
 type SnykSchemaToLegacyParams struct {
 	Findings          []testapi.FindingData
 	TestResult        testapi.TestResult
+	OrgSlugOrID       string
 	ProjectName       string
 	PackageManager    string
 	CurrentDir        string
@@ -348,6 +349,7 @@ func ConvertSnykSchemaFindingsToLegacy(params *SnykSchemaToLegacyParams) (*defin
 	}
 
 	res := definitions.LegacyVulnerabilityResponse{
+		Org:               params.OrgSlugOrID,
 		ProjectName:       params.ProjectName,
 		Path:              params.CurrentDir,
 		PackageManager:    params.PackageManager,