This is a vulnerable by design repository for demonstrating Snyk Insights. Do not deploy this in production.
Fork this repository and import it in a new or existing org.
git clone https://github.com/somerset-inc/juice-shop-goof.git
cd juice-shop
In A Cloud Guru create an AWS sandbox environment, then add the following as GitHub Actions Variables:
AWS_ACCESS_KEY_ID
AWS_SECRET_ACCESS_KEY
SNYK_ORG_ID
SNYK_TOKEN
Edit the _build_flag file to trigger EKS provisioning and Juice Shop deployment.
Create Snyk Service Acount with minimum scope: docs
Log into AWS CLI:
aws configure
aws eks update-kubeconfig --region us-east-1 --name juice-shop-cluster
Add the secret
kubectl create secret generic insights-secret --from-literal=snykServiceAccountToken=YOUR_SNYK_TOKEN
Add the Helm chart
helm repo add kubernetes-scanner https://snyk.github.io/kubernetes-scanner
helm repo update
Install the chart
helm install insights \
--set "secretName=insights-secret" \
--set "config.clusterName=juice-shop-cluster" \
--set "config.routes[0].organizationID=YOUR_ORG_ID" \
--set "config.routes[0].clusterScopedResources=true" \
--set "config.routes[0].namespaces[0]=*" \
kubernetes-scanner/kubernetes-scanner
Run kubectl get pods
to verify the pod is running.
See full docs on tagging format. This is required to link Open Source and Code projects with Container projects.
Add tags to container images: see example workflow.
Examples:
snyk container monitor your/image:tag --tags="component=pkg:${{ github.repository }}@${{ github.ref_name }}"
snyk container monitor your/image:tag --tags="component=pkg:github/org/repo@branch"
Review script at insights/apply-tags.py.
pip install requests
python3 insights/apply-tags.py --org-id your-org-id --snyk-token your-snyk-token --origin github