lines changed Original file line number Diff line number Diff line change 1+ name : Snyk scheduled Docker base image scan
2+
3+ on :
4+ schedule :
5+ - cron : ' 0 3 * * 1'
6+ workflow_dispatch :
7+
8+ env :
9+ DOCKER_IMAGE_FITBIT : radarbase/kafka-connect-rest-fitbit-source
10+ DOCKER_IMAGE_OURA : radarbase/kafka-connect-rest-oura-source
11+
12+ jobs :
13+ security :
14+ runs-on : ubuntu-latest
15+
16+ steps :
17+ - uses : actions/checkout@v3
18+
19+ - name : Run Snyk to check for vulnerabilities on Fitbit image
20+ uses : snyk/actions/docker@master
21+ env :
22+ SNYK_TOKEN : ${{ secrets.SNYK_TOKEN }}
23+ with :
24+ image : ${{ env.DOCKER_IMAGE_FITBIT }}
25+ args : >-
26+ --file=kafka-connect-fitbit-source/Dockerfile
27+ --fail-on=upgradable
28+ --severity-threshold=high
29+ --policy-path=.snyk
30+ --exclude-app-vulns
31+ --org=radar-base
32+ --sarif-file-output=fitbit.sarif
33+
34+ - name : Run Snyk to check for vulnerabilities on Oura image
35+ uses : snyk/actions/docker@master
36+ env :
37+ SNYK_TOKEN : ${{ secrets.SNYK_TOKEN }}
38+ with :
39+ image : ${{ env.DOCKER_IMAGE_OURA }}
40+ args : >-
41+ --file=kafka-connect-oura-source/Dockerfile
42+ --fail-on=upgradable
43+ --severity-threshold=high
44+ --policy-path=.snyk
45+ --exclude-app-vulns
46+ --org=radar-base
47+ --sarif-file-output=oura.sarif
48+
49+ # Detected vulnerabilities will appear on Github in Security->Code_scanning_alerts tab
50+ - name : Upload Fitbit result to GitHub Code Scanning
51+ uses : github/codeql-action/upload-sarif@v3
52+ with :
53+ sarif_file : fitbit.sarif
54+
55+ - name : Upload Oura result to GitHub Code Scanning
56+ uses : github/codeql-action/upload-sarif@v3
57+ with :
58+ sarif_file : oura.sarif
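Review bot: The two Snyk docker steps carry no `continue-on-error: true`, so with `--fail-on=upgradable` a failing Fitbit scan stops the job before the Oura scan and both `upload-sarif` steps run, and the findings never reach Code Scanning; the sibling code-base workflow in this same commit guards exactly this with `continue-on-error: true # To make sure that SARIF upload gets called`, and both scan steps here should do the same. The job also declares no `permissions:` block, and `github/codeql-action/upload-sarif` needs `security-events: write`; a job-level `permissions: { contents: read, security-events: write }` makes the least privilege explicit instead of depending on the repository's default token settings. `snyk/actions/docker@master` (and `snyk/actions/gradle-jdk17@master` in the other two files) pins a third-party action to a mutable branch; pinning to a tagged release or a full commit SHA keeps the scanner from changing underneath a scheduled security job. Note too that `image:` carries no tag, so what is scanned appears to be the registry's `latest` image rather than an image built from the checked-out Dockerfile — worth confirming that is the intent and stating it in a comment above the step.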
Original file line number Diff line number Diff line change 1+ name : Snyk scheduled code base scan
2+
3+ on :
4+ schedule :
5+ - cron : ' 0 2 * * 1'
6+ workflow_dispatch :
7+
8+ jobs :
9+ security :
10+ runs-on : ubuntu-latest
11+
12+ steps :
13+ - uses : actions/checkout@v3
14+
15+ - name : Run Snyk to check for vulnerabilities
16+ uses : snyk/actions/gradle-jdk17@master
17+ continue-on-error : true # To make sure that SARIF upload gets called
18+ env :
19+ SNYK_TOKEN : ${{ secrets.SNYK_TOKEN }}
20+ with :
21+ args : >-
22+ --all-projects
23+ --configuration-matching='^runtimeClasspath$'
24+ --fail-on=upgradable
25+ --severity-threshold=high
26+ --policy-path=.snyk
27+ --org=radar-base
28+ --sarif-file-output=snyk.sarif
29+
30+ # Detected vulnerabilities will appear on Github in Security->Code_scanning_alerts tab
31+ - name : Upload result to GitHub Code Scanning
32+ uses : github/codeql-action/upload-sarif@v3
33+ with :
34+ sarif_file : snyk.sarif
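Review bot: With `continue-on-error: true` on the Snyk step this scheduled job reports success even when high-severity upgradable findings are detected, so the only signal is the Code Scanning alert; that is a defensible trade-off for a scheduled scan, but the existing comment only explains the mechanics, and a line such as `# Findings are surfaced via Code Scanning alerts; this job stays green on purpose` would keep a later maintainer from "fixing" it. The job declares no `permissions:`, and `upload-sarif` requires `security-events: write`; adding `permissions: { contents: read, security-events: write }` at the job level documents and bounds the token. `--configuration-matching='^runtimeClasspath$'` uses single quotes here while the PR workflow in this commit uses double quotes for the same argument; one form should be used in both so a future change to the pattern is not applied inconsistently. As in the Docker workflow, `snyk/actions/gradle-jdk17@master` should be pinned to a release tag or commit SHA.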
Original file line number Diff line number Diff line change 1- name : Snyk test
1+ name : Snyk test on PR commits
22
33on :
4- - pull_request
4+ pull_request :
5+ branches :
6+ - main
7+ - dev
8+ - release-*
59
610jobs :
711 security :
812 runs-on : ubuntu-latest
9-
1013 steps :
1114 - uses : actions/checkout@v3
12- - uses : snyk/actions/setup@master
13- with :
14- snyk-version : v1.1032.0
15-
16- - uses : actions/setup-java@v3
17- with :
18- distribution : temurin
19- java-version : 17
20-
21- - name : Setup Gradle
22- uses : gradle/gradle-build-action@v2
2315
2416 - name : Run Snyk to check for vulnerabilities
17+ uses : snyk/actions/gradle-jdk17@master
2518 env :
2619 SNYK_TOKEN : ${{ secrets.SNYK_TOKEN }}
27- run : >
28- snyk test
29- --all-projects
30- --configuration-matching="^runtimeClasspath$"
31- --fail-on=upgradable
32- --org=radar-base
33- --policy-path=.snyk
34- --severity-threshold=high
20+ with :
21+ args : >-
22+ --all-projects
23+ --configuration-matching="^runtimeClasspath$"
24+ --severity-threshold=high
25+ --fail-on=upgradable
26+ --org=radar-base
27+ --policy-path=.snyk
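Review bot: Replacing the `snyk/actions/setup` step that carried an explicit `snyk-version: v1.1032.0` with `snyk/actions/gradle-jdk17@master` drops the only version pin this workflow had: the CLI version now follows whatever the action's `master` branch ships, so a PR gate can change behaviour without any change in this repository. Pinning `snyk/actions` to a release tag or full commit SHA restores that guarantee. On `pull_request` runs from forks `secrets.SNYK_TOKEN` is not exposed to the job, so the scan step will presumably fail for external contributors' PRs; if those are expected, the step should be skipped for them, e.g. `if: ${{ !github.event.pull_request.head.repo.fork }}`, or the gate documented as internal-only. The `branches` filter also means PRs targeting anything other than `main`, `dev` or `release-*` are not scanned at all; a comment stating that this is deliberate would help.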