Skip to content

Create snyk-scans-cli.yml #1

Create snyk-scans-cli.yml

Create snyk-scans-cli.yml #1

name: Snyk Full Platform (CLI)
# Prerequisites:
# - Set a SNYK_TOKEN under env secrets in an env called "Snyk"
# - If you are not running the scan on your default org in Snyk, set the org id in a secret called SNYK_ORG in the same env as above (env called "Snyk") and add an additional --org=${{ secrets.SNYK_ORG }} parameter in all the test commands
on:
push:
branches: [ "master" ]
pull_request:
branches: [ "master" ]
jobs:
snyk-os:
environment: snyk
runs-on: ubuntu-latest
continue-on-error: true
steps:
- uses: actions/checkout@master
- name: Install Snyk CLI
run: |
wget -O snyk https://static.snyk.io/cli/latest/snyk-linux
chmod +x ./snyk
mv ./snyk /usr/local/bin/
- name: Authenticate and run Snyk Open Source Scan + Monitor
run: |
npm install
snyk auth ${{ secrets.SNYK_TOKEN }}
snyk test
snyk monitor
snyk-code:
environment: snyk
runs-on: ubuntu-latest
continue-on-error: true
steps:
- uses: actions/checkout@master
- name: Install Snyk CLI
run: |
wget -O snyk https://static.snyk.io/cli/latest/snyk-linux
chmod +x ./snyk
mv ./snyk /usr/local/bin/
- name: Configure and run Snyk Code Scan
run: |
snyk auth ${{ secrets.SNYK_TOKEN }}
snyk code test
snyk-container:
environment: snyk
runs-on: ubuntu-latest
continue-on-error: true
steps:
- uses: actions/checkout@master
- name: Build the Docker image
run: docker build . --file Dockerfile --tag boosef-juiceshop:latest
- name: Install Snyk CLI
run: |
wget -O snyk https://static.snyk.io/cli/latest/snyk-linux
chmod +x ./snyk
mv ./snyk /usr/local/bin/
- name: Scan and Monitor Docker Vulnerabilities
run: |
snyk auth ${{ secrets.SNYK_TOKEN }}
snyk container test boosef-juiceshop:latest --file=Dockerfile
snyk container monitor boosef-juiceshop:latest --file=Dockerfile
snyk-iac:
environment: snyk
runs-on: ubuntu-latest
continue-on-error: true
steps:
- uses: actions/checkout@master
- name: Install Snyk CLI
run: |
wget -O snyk https://static.snyk.io/cli/latest/snyk-linux
chmod +x ./snyk
mv ./snyk /usr/local/bin/
- name: Run and monitor Snyk to check configuration files for security issues
run: |
snyk auth ${{ secrets.SNYK_TOKEN }}
snyk iac test --report