


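##
# This action runs Snyk container vulnerability
# scanner for Docker images.
#
# Each image is built and scanned in its own matrix job so that every scan
# produces its own snyk.sarif. The previous single sequential job ran four
# scans that all wrote the same snyk.sarif, so only the last image's
# findings (gateway) reached Code Scanning. Each upload is tagged with a
# per-image category so the alerts of one image do not replace another's.
##
name: Snyk Container
on:
  push:
    branches:
      - snyk-vulnerability-scan

# Least-privilege GITHUB_TOKEN: the job only reads the repository and writes
# Code Scanning results. actions: read is needed by upload-sarif in private
# repositories.
permissions:
  contents: read
  security-events: write
  actions: read

jobs:
  snyk-container-scan:
    runs-on: ubuntu-latest
    strategy:
      # Keep scanning the remaining images when one of them fails.
      fail-fast: false
      matrix:
        include:
          - image: farmer
            dockerfile: docker/farmer.Dockerfile
          - image: node
            dockerfile: docker/node.Dockerfile
          - image: bootstrap-node
            dockerfile: docker/bootstrap-node.Dockerfile
          - image: gateway
            dockerfile: docker/gateway.Dockerfile
    steps:
      - uses: actions/checkout@v4

      - name: Build ${{ matrix.image }} Docker image
        run: docker build -t autonomys/${{ matrix.image }}:snyk -f ${{ matrix.dockerfile }} .

      - name: Run Snyk to check Docker image for vulnerabilities
        # TODO(review): pin this third-party action to a commit SHA
        # (snyk/actions/docker@<commit-sha>) instead of the mutable master ref;
        # the step receives SNYK_TOKEN, so whoever controls the ref controls
        # the code that handles the secret.
        uses: snyk/actions/docker@master
        env:
          SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
        with:
          image: autonomys/${{ matrix.image }}:snyk
          # --file hands Snyk the Dockerfile so findings can be attributed to
          # the base image and its layers.
          args: --file=${{ matrix.dockerfile }}
        # Snyk exits non-zero when it finds vulnerabilities; keep going so the
        # SARIF report is still uploaded and triaged in Code Scanning.
        continue-on-error: true

      # Replace any "undefined" or "null" security severity values with 0. The
      # undefined value is used in the case the NVD CVSS Score is not available,
      # and the upload step does not accept these non-numeric values.
      # https://github.com/github/codeql-action/issues/2187 for more context.
      - name: Post-process sarif output for security severities set to "undefined" or "null"
        run: |
          sed -i 's/"security-severity": "undefined"/"security-severity": "0"/g' snyk.sarif
          sed -i 's/"security-severity": "null"/"security-severity": "0"/g' snyk.sarif

      - name: Upload result to GitHub Code Scanning
        uses: github/codeql-action/upload-sarif@v3
        with:
          sarif_file: snyk.sarif
          # One category per image so each matrix job keeps its own alert set
          # instead of overwriting the others' results.
          category: snyk-container-${{ matrix.image }}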