snyk
diff --git a/‎.cursorrules
Lines changed: 48 additions & 0 deletions b/‎.cursorrules
Lines changed: 48 additions & 0 deletions
diff --git a/‎go.mod
Lines changed: 2 additions & 1 deletion b/‎go.mod
Lines changed: 2 additions & 1 deletion
diff --git a/‎internal/api/api.go
Lines changed: 27 additions & 0 deletions b/‎internal/api/api.go
Lines changed: 27 additions & 0 deletions
diff --git a/‎internal/api/api_test.go
Lines changed: 24 additions & 0 deletions b/‎internal/api/api_test.go
Lines changed: 24 additions & 0 deletions
diff --git a/‎internal/mocks/api.go
Lines changed: 15 additions & 0 deletions b/‎internal/mocks/api.go
Lines changed: 15 additions & 0 deletions
diff --git a/‎pkg/local_workflows/connectivity_check_extension/README.md
Lines changed: 177 additions & 0 deletions b/‎pkg/local_workflows/connectivity_check_extension/README.md
Lines changed: 177 additions & 0 deletions
@@ -0,0 +1,48 @@
+** general **
+- always be concise, direct and don't try to appease me.
+- DOUBLE CHECK THAT YOUR CHANGES ARE REALLY NEEDED. ALWAYS STICK TO THE GIVEN GOAL, NOT MORE.
+- I repeat: don't optimize, don't refactor if not needed.
+- Adhere to the rules, fix linting & test issues that are newly introduced.
+- Maintain existing code patterns and conventions 
+- minimize changes to existing code
+
+** how to implement **
+- always create an implementation plan and save it to the directory under ${issueID}_implementation_plan but never commit it. take it as a reference for each step and how to proceed. Get confirmation that the plan is ok. update it as needed and get it approved, before you start changing files. the `issueID` is usually specified in the current branch in the format `XXX-XXXX`.
+- don't comment what is done, instead comment why something is done if the code is not clear
+- always write and update test cases. iterate until they pass.
+- to manipulate the environment in tests, please use t.SetEnv, never use os.SetEnv
+- follow clean code
+- follow golang best practices, produce idiomatic code
+- please check the makefile - make lint runs the linter, other targets might be relevant as well.
+- use existing mocks, don't write new ones.
+- if you use mocks, use gomock to generate them.
+- always run the tests after editing.
+- if you add debug logging to tests, ensure log messages are not using a Nop logger.
+- always use the linter
+- don't change code that does not need to be changed. only do the minimum changes.
+- this is not a library. if files are not used or needed anymore, delete them instead of deprecating them.
+- if a tool call fails, analyze why it failed and correct your approach. don't prompt the user for help.
+- if you don't know something, read the code instead of assuming it.
+- commenting out code to fix errors is not a solution. instead, fix the error.
+
+** security **
+- determine the absolute path of the project directory. you can do that e.g. by executing pwd on the shell within the directory.
+- always use snyk for sca and code scanning. scan with both tools. you need to pass the absolute path of the directory we are scanning.
+- run snyk code tests after each edit. pass the absolute path of the project directory as a parameter
+- run snyk sca tests after updating go.mod and pass the absolute path of the project directory as a parameter.
+- run snyk sca and code test before committing. if not test data, fix issues before committing.
+
+** fixing issues **
+- fix security issues if they are fixable. take the snyk scan results and the test results as input
+- don't fix test data
+
+** committing **
+- when asked to commit, always use conventional commit messages (Conventional Commit Style (Subject + Body)). be descriptive in the body. if you find a JIRA issue (XXX-XXXX) in the branch name, use it as a postfix to the subject line in the format [XXX-XXXX]
+- consider all commits in the current branch when committing, to have the context of the current changes.
+when asked to push, always use 'git push --set-upstream origin $(git_current_branch)' with git_current_branch being the current branch we are on
+- never force push
+- never push without asking
+- never commit the hashicorp gomod
+- regularly fetch main branch and offer to merge it into git_current_branch
+- after pushing offer to create a PR on github. analyze the changes by comparing the current branch ($(git_current_branch)) with origin/main, and craft a PR description and title.
+use the github pr template in this repository
@@ -33,7 +33,9 @@ require (
 	github.com/patrickmn/go-cache v2.1.0+incompatible
 	github.com/snyk/error-catalog-golang-public v0.0.0-20250429130542-564b0605020e
 	github.com/subosito/gotenv v1.4.1
+	golang.org/x/net v0.38.0
 	golang.org/x/sync v0.13.0
+	golang.org/x/term v0.31.0
 	gopkg.in/yaml.v3 v3.0.1
 )
 
@@ -110,7 +112,6 @@ require (
 	github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415 // indirect
 	golang.org/x/crypto v0.37.0 // indirect
 	golang.org/x/mod v0.24.0 // indirect
-	golang.org/x/net v0.38.0 // indirect
 	golang.org/x/sys v0.32.0 // indirect
 	golang.org/x/text v0.24.0 // indirect
 	golang.org/x/tools v0.31.0 // indirect
 
@@ -19,6 +19,7 @@ type ApiClient interface {
 	GetDefaultOrgId() (orgID string, err error)
 	GetOrgIdFromSlug(slugName string) (string, error)
 	GetSlugFromOrgId(orgID string) (string, error)
+	GetOrganizations(limit int) (*contract.OrganizationsResponse, error)
 	Init(url string, client *http.Client)
 	GetFeatureFlag(flagname string, origId string) (bool, error)
 	GetUserMe() (string, error)
@@ -93,6 +94,32 @@ func (a *snykApiClient) GetOrgIdFromSlug(slugName string) (string, error) {
 	return "", fmt.Errorf("org ID not found for slug %v", slugName)
 }
 
+// GetOrganizations retrieves organizations accessible to the authenticated user.
+//
+// Parameters:
+//   - limit: Maximum number of organizations to return
+//
+// Returns:
+//   - A pointer to OrganizationsResponse containing organizations.
+//   - An error object (if an error occurred during the API request or response parsing).
+func (a *snykApiClient) GetOrganizations(limit int) (*contract.OrganizationsResponse, error) {
+	endpoint := "/rest/orgs"
+	version := "2024-10-15"
+
+	body, err := clientGet(a, endpoint, &version, "limit", fmt.Sprintf("%d", limit))
+	if err != nil {
+		return nil, err
+	}
+
+	var response contract.OrganizationsResponse
+	err = json.Unmarshal(body, &response)
+	if err != nil {
+		return nil, err
+	}
+
+	return &response, nil
+}
+
 // GetDefaultOrgId retrieves the default organization ID associated with the authenticated user.
 //
 // Returns:
 
@@ -55,6 +55,30 @@ func Test_GetSlugFromOrgId_ReturnsCorrectSlug(t *testing.T) {
 	assert.Equal(t, expectedSlug, actualSlug)
 }
 
+func Test_GetOrganizations_ReturnsOrganizations(t *testing.T) {
+	// Arrange
+	t.Parallel()
+	orgResponse := newMockOrgResponse(t)
+	limit := 50
+	u := fmt.Sprintf("/rest/orgs?limit=%d&version=2024-10-15", limit)
+
+	server := setupSingleReponseServer(t, u, orgResponse)
+	client := api.NewApi(server.URL, http.DefaultClient)
+
+	// Act
+	response, err := client.GetOrganizations(limit)
+	if err != nil {
+		t.Error(err)
+	}
+
+	// Assert
+	assert.NotNil(t, response)
+	assert.Equal(t, 2, len(response.Organizations))
+	assert.Equal(t, "27ce75bf-5794-4bfd-9ae7-e779f465abdf", response.Organizations[0].Id)
+	assert.Equal(t, "defaultOrg", response.Organizations[0].Attributes.Name)
+	assert.Equal(t, "default-org", response.Organizations[0].Attributes.Slug)
+}
+
 func Test_GetOrgIdFromSlug_ReturnsCorrectOrgId(t *testing.T) {
 	// Arrange
 	t.Parallel()
 
@@ -0,0 +1,177 @@
+# Snyk Connectivity Check Extension
+
+A Go-based extension for the Snyk CLI that performs comprehensive network connectivity diagnostics. This tool helps troubleshoot connectivity issues between your environment and Snyk's services.
+
+## Features
+
+- **Comprehensive Endpoint Testing**: Tests connectivity to all Snyk API endpoints and services
+- **Proxy Detection & Validation**: Automatically detects and validates proxy configurations
+- **Organization Listing**: Displays your Snyk organizations when authenticated (with default organization highlighted)
+- **Multiple Output Formats**: Human-readable (with color support) and JSON formats
+- **Actionable Diagnostics**: Provides specific recommendations based on connectivity issues
+- **Integration Ready**: Built as a workflow extension for the Snyk CLI using go-application-framework
+
+### Environment Variables
+
+The tool respects standard proxy environment variables:
+- `HTTPS_PROXY` / `https_proxy`
+- `HTTP_PROXY` / `http_proxy`
+- `NO_PROXY` / `no_proxy`
+
+For custom certificates:
+- `NODE_EXTRA_CA_CERTS` - Path to additional CA certificates bundle
+
+### Authentication
+
+The tool uses Snyk authentication from the go-application-framework configuration:
+- API tokens via `snyk auth`
+- OAuth tokens
+- Bearer tokens
+
+When authenticated, the tool will display your organizations with their IDs. The default organization is highlighted with a `[DEFAULT]` marker.
+
+### Command Line Options
+
+- `--json` - Output results in JSON format
+- `--no-color` - Disable colored output
+- `--timeout <seconds>` - Timeout in seconds for each connection test (default: 10)
+- `--max-org-count <number>` - Maximum number of organizations to retrieve (default: 100)
+
+## Output Examples
+
+### Human-Readable Output
+
+```
+Checking for proxy configuration...
+
+Environment variables:
+  HTTPS_PROXY: (not set)
+  https_proxy: (not set)
+  HTTP_PROXY:  (not set)
+  http_proxy:  (not set)
+  NO_PROXY:    (not set)
+  no_proxy:    (not set)
+
+ℹ No proxy detected - Testing direct connection...
+
+Testing connectivity to Snyk endpoints...
+
+Host                          Result
+----------------------------------------------------------------------
+api.snyk.io                   OK (HTTP 204)
+app.snyk.io                   OK (HTTP 200)
+api.eu.snyk.io                OK (HTTP 204)
+app.eu.snyk.io                OK (HTTP 200)
+api.us.snyk.io                OK (HTTP 204)
+app.us.snyk.io                OK (HTTP 200)
+api.au.snyk.io                OK (HTTP 204)
+app.au.snyk.io                OK (HTTP 200)
+api.snykgov.io                OK (HTTP 204)
+app.snykgov.io                OK (HTTP 200)
+deeproxy.snyk.io/filters      OK (HTTP 200)
+downloads.snyk.io:443/cli/wasm/bundle.tar.gz OK (HTTP 200)
+learn.snyk.io                 OK (HTTP 200)
+static.snyk.io/cli/latest/version OK (HTTP 200)
+snyk.io                       OK (HTTP 200)
+sentry.io                     REACHABLE (HTTP 405)
+
+--- Actionable TODOs ---
+All checks passed. Your network configuration appears to be compatible with Snyk CLI.
+
+ℹ Certificate Configuration:
+If you need to trust custom certificates, set NODE_EXTRA_CA_CERTS environment variable
+pointing to your CA bundle file.
+
+--- Snyk Token and Organizations ---
+✓ Authentication token is configured
+
+Found 2 organizations:
+Group ID                              Org ID                                Name                   Slug                 Default
+---------------------------------------------------------------------------------------------------------------------------------------
+a1b2c3d4-e5f6-7890-abcd-ef1234567890  d4e5f6a7-b890-cdef-1234-567890abcdef  My Organization       my-organization      Yes
+b2c3d4e5-f6a7-8901-bcde-f23456789012  e5f6a7b8-c901-def2-3456-7890abcdef12  Another Org           another-org
+```
+
+### JSON Output
+
+```bash
+snyk connectivity-check --json
+```
+
+```json
+{
+  "proxyConfig": {
+    "detected": false,
+    "url": "",
+    "variable": ""
+  },
+  "hostResults": [
+    {
+      "host": "api.snyk.io",
+      "displayHost": "api.snyk.io",
+      "url": "https://api.snyk.io",
+      "statusCode": 204,
+      "status": 0,
+      "responseTime": 150000000
+    }
+  ],
+  "todos": [],
+  "organizations": [
+    {
+      "id": "org-uuid-1",
+      "groupId": "a1b2c3d4-e5f6-7890-abcd-ef1234567890",
+      "name": "My Organization",
+      "slug": "my-organization",
+      "isDefault": true
+    },
+    {
+      "id": "org-uuid-2",
+      "groupId": "b2c3d4e5-f6a7-8901-bcde-f23456789012",
+      "name": "Another Org",
+      "slug": "another-org",
+      "isDefault": false
+    }
+  ],
+  "tokenPresent": true,
+  "startTime": "2024-01-15T10:00:00Z",
+  "endTime": "2024-01-15T10:00:05Z"
+}
+```
+
+## Troubleshooting
+
+### Common Issues
+
+#### Proxy Authentication Required
+If you see "PROXY AUTH REQUIRED", the tool has detected your proxy but needs authentication:
+- For NTLM/Negotiate proxies: The Snyk CLI supports these authentication methods
+- For other proxy auth types: Configure proxy credentials in your proxy URL
+
+#### DNS Errors
+If you see "DNS_ERROR" for multiple hosts:
+- Check your DNS configuration
+- Verify you can resolve external domains
+- Check if you need to use a corporate DNS server
+
+#### TLS/SSL Errors
+If you see "TLS/SSL_ERROR":
+- You may need to configure custom CA certificates
+- Set `NODE_EXTRA_CA_CERTS` to point to your CA bundle
+- Ensure your proxy (if any) isn't intercepting SSL
+
+#### No Organizations Displayed
+If authenticated but no organizations shown:
+- Verify your token has the correct permissions
+- Check if you belong to any organizations
+- Try re-authenticating with `snyk auth`
+
+### Status Meanings
+
+- **OK**: Full connectivity verified
+- **REACHABLE**: Host is reachable but returned unexpected status
+- **BLOCKED**: Connection refused or blocked
+- **DNS_ERROR**: Cannot resolve hostname
+- **TLS/SSL_ERROR**: Certificate or TLS handshake issues
+- **TIMEOUT**: Connection timed out
+- **PROXY AUTH REQUIRED (SUPPORTED)**: Proxy needs auth, type is supported
+- **PROXY AUTH REQUIRED (UNSUPPORTED)**: Proxy needs auth, type not supported