Daniel Gibbs
2 years ago
committed by
GitHub
GitHub
2 changed files with 55 additions and 26 deletions
@ -0,0 +1,55 @@ |
|||
# This workflow uses actions that are not certified by GitHub. |
|||
# They are provided by a third-party and are governed by |
|||
# separate terms of service, privacy policy, and support |
|||
# documentation. |
|||
|
|||
# A sample workflow which checks out the code, builds a container |
|||
# image using Docker and scans that image for vulnerabilities using |
|||
# Snyk. The results are then uploaded to GitHub Security Code Scanning |
|||
# |
|||
# For more examples, including how to limit scans to only high-severity |
|||
# issues, monitor images for newly disclosed vulnerabilities in Snyk and |
|||
# fail PR checks for new vulnerabilities, see https://github.com/snyk/actions/ |
|||
|
|||
name: Snyk Container |
|||
|
|||
on: |
|||
push: |
|||
branches: [ "main" ] |
|||
pull_request: |
|||
# The branches below must be a subset of the branches above |
|||
branches: [ "main" ] |
|||
schedule: |
|||
- cron: '45 1 * * 4' |
|||
|
|||
permissions: |
|||
contents: read |
|||
|
|||
jobs: |
|||
snyk: |
|||
permissions: |
|||
contents: read # for actions/checkout to fetch code |
|||
security-events: write # for github/codeql-action/upload-sarif to upload SARIF results |
|||
actions: read # only required for a private repository by github/codeql-action/upload-sarif to get the Action run status |
|||
runs-on: ubuntu-latest |
|||
steps: |
|||
- uses: actions/checkout@v3 |
|||
- name: Build a Docker image |
|||
run: docker build -t your/image-to-test . |
|||
- name: Run Snyk to check Docker image for vulnerabilities |
|||
# Snyk can be used to break the build when it detects vulnerabilities. |
|||
# In this case we want to upload the issues to GitHub Code Scanning |
|||
continue-on-error: true |
|||
uses: snyk/actions/docker@14818c4695ecc4045f33c9cee9e795a788711ca4 |
|||
env: |
|||
# In order to use the Snyk Action you will need to have a Snyk API token. |
|||
# More details in https://github.com/snyk/actions#getting-your-snyk-token |
|||
# or you can signup for free at https://snyk.io/login |
|||
SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }} |
|||
with: |
|||
image: your/image-to-test |
|||
args: --file=Dockerfile |
|||
- name: Upload result to GitHub Code Scanning |
|||
uses: github/codeql-action/upload-sarif@v2 |
|||
with: |
|||
sarif_file: snyk.sarif |
|||
@ -1,26 +0,0 @@ |
|||
name: Snyk Container |
|||
on: push |
|||
jobs: |
|||
snyk: |
|||
runs-on: ubuntu-latest |
|||
steps: |
|||
- uses: actions/checkout@v2 |
|||
- name: Build a Docker image |
|||
run: docker build -t gameservermanagers/docker-steamcmd . |
|||
- name: Run Snyk to check Docker image for vulnerabilities |
|||
# Snyk can be used to break the build when it detects vulnerabilities. |
|||
# In this case we want to upload the issues to GitHub Code Scanning |
|||
continue-on-error: true |
|||
uses: snyk/actions/docker@master |
|||
env: |
|||
# In order to use the Snyk Action you will need to have a Snyk API token. |
|||
# More details in https://github.com/snyk/actions#getting-your-snyk-token |
|||
# or you can signup for free at https://snyk.io/login |
|||
SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }} |
|||
with: |
|||
image: gameservermanagers/docker-steamcmd |
|||
args: --file=Dockerfile |
|||
- name: Upload result to GitHub Code Scanning |
|||
uses: github/codeql-action/upload-sarif@v2 |
|||
with: |
|||
sarif_file: snyk.sarif |
|||
Loading…
Reference in new issue