check snyk

hors · hors · commit ef205fdd6dce · 2024-11-17T18:27:23.000+02:00
diff --git a/.github/workflows/scan.yml b/.github/workflows/scan.yml
@@ -11,7 +11,7 @@ env:
 jobs:
   build:
     name: Build
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-24.04
     steps:
       - name: Checkout code
         uses: actions/checkout@v4.1.1
@@ -30,13 +30,13 @@ jobs:
           export DOCKER_DEFAULT_PLATFORM='linux/arm64'
           ./e2e-tests/build
 
-      - name: Run Snyk vulnerability scanner image (linux/arm64)
-        uses: snyk/actions/docker@master
-        env:
-          SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
-        with:
-          image: '${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ github.sha }}-arm64'
-          args: --platform=linux/arm64 --severity-threshold=high --exclude-base-image-vulns --file=./build/Dockerfile -fail-on=upgradable
+#      - name: Run Snyk vulnerability scanner image (linux/arm64)
+#        uses: snyk/actions/docker@master
+#        env:
+#          SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
+#        with:
+#          image: '${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ github.sha }}-arm64'
+#          args: --platform=linux/arm64 --severity-threshold=high --exclude-base-image-vulns --file=./build/Dockerfile -fail-on=upgradable
 
       - name: Build an image from Dockerfile (linux/amd64)
         run: |
@@ -45,12 +45,15 @@ jobs:
           export DOCKER_SQUASH=0
           export DOCKER_DEFAULT_PLATFORM='linux/amd64'
           ./e2e-tests/build
-
+      - name: Install Snyk
+        uses: snyk/actions/setup@master
       - name: Run Snyk vulnerability scanner image (linux/amd64)
-        uses: snyk/actions/docker@master
+        run: snyk ontainer test --platform=linux/amd64 --severity-threshold=high --fail-on=upgradable --exclude-base-image-vulns ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ github.sha }}-amd64 --file=./build/Dockerfile
         env:
-          SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
-        with:
-          image: '${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ github.sha }}-amd64'
-          args: --platform=linux/amd64 --severity-threshold=high --exclude-base-image-vulns --file=./build/Dockerfile -fail-on=upgradable
+          SNYK_TOKEN: ${{ secrets.SNYK_TOKEN_NEW }}
+#        with:
+#          command: 'container test'
+#          image: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ github.sha }}-amd64
+#          args: --platform=linux/amd64 --severity-threshold=high --exclude-base-image-vulns --file=./build/Dockerfile -fail-on=upgradable
+
 
