1 file changed +22 -3 lines changed
@@ -167,10 +167,10 @@ steps:
167167 success_criteria :
168168 condition :
169169 any :
170- secScanStep : security_scan_1 .result == 'success'
170+ secScanStep : aqua_scan.result == 'success' && snyk_scan .result == 'success'
171171 secScanFail : ' "${{IGNORE_SEC_SCAN}}" == "true"'
172172 steps :
173- security_scan_1 :
173+ aqua_scan :
174174 image : aquasec/trivy:latest
175175 title : " Scanning image for security vulnerablities"
176176 commands :
@@ -192,7 +192,26 @@ steps:
192192 metadata :
193193 set :
194194 - ' ${{build_image.imageId}} ' :
195- - SECURITY_CHECK_PASS : true
195+ - SECURITY_SCAN_AQUA : true
196+
197+ snyk_scan :
198+ image : quay.io/codefresh/snyk-cli:${{SNYK_IMAGE_TAG}}
199+ title : " Scanning image for security vulnerablities"
200+ shell : bash
201+ working_directory : ${{main_clone}}/venona
202+ environment :
203+ - SNYK_TOKEN=${{SNYK_TOKEN}}
204+ - LOCAL_IMAGE_REF=${{IMAGE_NAME}}:${{CF_BRANCH_TAG_NORMALIZED_LOWER_CASE}}
205+ commands :
206+ - |
207+ snyk test --severity-threshold=${{SNYK_SEVERITY_THRESHOLD}} || fail=1
208+ snyk container test --severity-threshold=${{SNYK_SEVERITY_THRESHOLD}} --file=Dockerfile ${LOCAL_IMAGE_REF}
209+ if [ "$fail" == "1" ]; then exit 1; fi
210+ on_success :
211+ metadata :
212+ set :
213+ - ' ${{build_image.imageId}} ' :
214+ - SECURITY_SCAN_SNYK : true
196215
197216 upload_sec_scan_report :
198217 stage : Security scan
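Review bot: In the new `snyk_scan` step, only the first command records a failure (`|| fail=1`); the exit status of `snyk container test` on new line 208 is never captured. Unless the step's shell runs with errexit, which the page does not show, container findings above the threshold leave `fail` unset, the step succeeds, and `on_success` annotates the image with `SECURITY_SCAN_SNYK: true`. Record the second result the same way and quote the image reference: `snyk container test --severity-threshold=${{SNYK_SEVERITY_THRESHOLD}} --file=Dockerfile "${LOCAL_IMAGE_REF}" || fail=1`. Both scan steps also share the same `title`, so giving each its own (for example naming the scanner) would make a failing gate easier to attribute in the build log.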