snyk
diff --git a/‎.circleci/config.yml
Lines changed: 3 additions & 3 deletions b/‎.circleci/config.yml
Lines changed: 3 additions & 3 deletions
diff --git a/‎.circleci/config/@config.yml
Lines changed: 1 addition & 1 deletion b/‎.circleci/config/@config.yml
Lines changed: 1 addition & 1 deletion
diff --git a/‎.circleci/config/jobs/deploy_to_dev.yml
Lines changed: 1 addition & 1 deletion b/‎.circleci/config/jobs/deploy_to_dev.yml
Lines changed: 1 addition & 1 deletion
diff --git a/‎package-lock.json
Lines changed: 10 additions & 4 deletions b/‎package-lock.json
Lines changed: 10 additions & 4 deletions
diff --git a/‎package.json
Lines changed: 1 addition & 1 deletion b/‎package.json
Lines changed: 1 addition & 1 deletion
diff --git a/‎scripts/circleci-jobs/deploy_to_dev.sh
Lines changed: 0 additions & 91 deletions b/‎scripts/circleci-jobs/deploy_to_dev.sh
Lines changed: 0 additions & 91 deletions
diff --git a/‎scripts/circleci-jobs/prepare_to_deploy.sh
Lines changed: 60 additions & 0 deletions b/‎scripts/circleci-jobs/prepare_to_deploy.sh
Lines changed: 60 additions & 0 deletions
diff --git a/‎src/scanner/images/index.ts
Lines changed: 14 additions & 3 deletions b/‎src/scanner/images/index.ts
Lines changed: 14 additions & 3 deletions
@@ -166,7 +166,7 @@ jobs:
                 name: Notify Slack on failure
                 when: on_fail
         working_directory: ~/kubernetes-monitor
-    deploy_to_dev:
+    prepare_to_deploy:
         docker:
             - auth:
                 password: $DOCKERHUB_PASSWORD
@@ -176,7 +176,7 @@ jobs:
             - checkout
             - install_python_requests
             - run:
-                command: ./scripts/circleci-jobs/deploy_to_dev.sh
+                command: ./scripts/circleci-jobs/prepare_to_deploy.sh
                 name: Deploy to dev
             - run:
                 command: ./scripts/slack/notify_failure.py "${CIRCLE_BRANCH}" "${CIRCLE_JOB}" "${CIRCLE_BUILD_URL}" "${CIRCLE_PULL_REQUEST}" "${SLACK_WEBHOOK}"
@@ -1099,7 +1099,7 @@ workflows:
                     - build_and_upload_operator
                     - unit_tests
                     - system_tests
-            - deploy_to_dev:
+            - prepare_to_deploy:
                 context: team-container-integration
                 filters:
                     branches:
 
@@ -100,7 +100,7 @@ workflows:
             # - integration_tests_helm
             # - integration_tests_proxy
           <<: *staging_branch_only_filter
-      - deploy_to_dev:
+      - prepare_to_deploy:
           context: team-container-integration
           requires:
             - tag_and_push
 
@@ -10,7 +10,7 @@ steps:
 
   - run:
       name: Deploy to dev
-      command: ./scripts/circleci-jobs/deploy_to_dev.sh
+      command: ./scripts/circleci-jobs/prepare_to_deploy.sh
 
   - run:
       name: Notify Slack on failure
 
@@ -49,7 +49,7 @@
     "packageurl-js": "^1.2.1",
     "sleep-promise": "^9.1.0",
     "snyk-config": "5.1.0",
-    "snyk-docker-plugin": "^6.8.3",
+    "snyk-docker-plugin": "^6.10.0",
     "source-map-support": "^0.5.21",
     "tunnel": "0.0.6",
     "typescript": "4.7.4",
 
@@ -0,0 +1,60 @@
+#! /bin/bash
+set -e
+
+# Getting latest released tag
+LATEST_TAG_WITH_V=`git describe --abbrev=0 --tags ${CIRCLE_SHA1}`
+LATEST_TAG=${LATEST_TAG_WITH_V:1}
+
+# Config git
+git config --global user.email "[email protected]"
+git config --global user.name "K-M Deploy Bot"
+
+# Clone repo
+git clone https://$GH_TOKEN@github.com/snyk/$KUBERNETES_MONITOR_DEPLOYER_REPO.git
+
+# Copy contents from snyk-monitor/ folder into deployer helm/ folder in github
+cp -r snyk-monitor/* $KUBERNETES_MONITOR_DEPLOYER_REPO/helm 
+
+# Replace Chart.yaml with the Chart.yaml from the deployer repo
+cat $KUBERNETES_MONITOR_DEPLOYER_REPO/Chart.yaml > $KUBERNETES_MONITOR_DEPLOYER_REPO/helm/Chart.yaml
+
+# Create environment values file(s)
+cat >$KUBERNETES_MONITOR_DEPLOYER_REPO/helm/values/$PRODUCTION_YAML_FILE_NAME.yaml <<EOF
+clusterName: "Production cluster"
+skip_k8s_jobs: true
+
+requests:
+  memory: "4Gi"
+
+limits:
+  memory: "4Gi"
+
+policyOrgs:
+  - $POLICY_ORG_PROD
+
+image:
+  tag: $LATEST_TAG
+
+skopeo:
+  compression:
+    level: 1
+
+workers:
+  count: 5
+
+metadata:
+  annotations:
+    github.com/project-slug: snyk/kubernetes-monitor
+    github.com/team-slug: snyk/container-integration
+  labels:
+    $SNYK_OWNER_LABEL_KEY: $SNYK_OWNER_LABEL_VALUE
+    $SNYK_LOG_DEST_LABEL_KEY: $SNYK_LOG_DEST_LABEL_VALUE
+
+EOF
+
+# Add extra values
+cat $KUBERNETES_MONITOR_DEPLOYER_REPO/extra-production-values.yaml >> $KUBERNETES_MONITOR_DEPLOYER_REPO/helm/values/$PRODUCTION_YAML_FILE_NAME.yaml
+
+cd $KUBERNETES_MONITOR_DEPLOYER_REPO
+git commit --allow-empty -am "feat: deploy k-m $LATEST_TAG_WITH_V"
+git push origin main
@@ -27,12 +27,14 @@ async function pullImageBySkopeoRepo(
 ): Promise<IPullableImage> {
   // Scan image by digest if exists, other way fallback tag
   const scanId = imageToPull.imageWithDigest ?? imageToPull.imageName;
-  await skopeoCopy(
+  const { manifestDigest, indexDigest } = await skopeoCopy(
     scanId,
     imageToPull.fileSystemPath,
     imageToPull.skopeoRepoType,
     workloadName,
   );
+  imageToPull.manifestDigest = manifestDigest;
+  imageToPull.indexDigest = indexDigest;
   return imageToPull;
 }
 
@@ -126,14 +128,23 @@ export async function scanImages(
 ): Promise<IScanResult[]> {
   const scannedImages: IScanResult[] = [];
 
-  for (const { imageName, fileSystemPath, imageWithDigest } of images) {
+  for (const {
+    imageName,
+    fileSystemPath,
+    imageWithDigest,
+    manifestDigest,
+    indexDigest,
+  } of images) {
     try {
       const archivePath = `docker-archive:${fileSystemPath}`;
 
       const pluginResponse = await scan({
         path: archivePath,
         imageNameAndTag: imageName,
-        imageNameAndDigest: imageWithDigest,
+        digests: {
+          manifest: manifestDigest,
+          index: indexDigest,
+        },
       });
 
       if (