From 5ff59b4a115fd3b73b681ab6ee095cd8589c0880 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?J=C3=BCrgen=20Romins?=
Date: Mon, 8 Jan 2024 08:39:50 +0400
Subject: [PATCH] configure snyk
---
.github/workflows/snyk-security.yml | 13 ++++++-------
.gitignore | 1 +
2 files changed, 7 insertions(+), 7 deletions(-)
diff --git a/.github/workflows/snyk-security.yml b/.github/workflows/snyk-security.yml
index 8e35222..a2a9943 100644
--- a/.github/workflows/snyk-security.yml
+++ b/.github/workflows/snyk-security.yml
@@ -32,13 +32,6 @@ jobs:
# Snyk can be used to break the build when it detects security issues.
# In this case we want to upload the SAST issues to GitHub Code Scanning
uses: snyk/actions/setup@806182742461562b67788a64410098c9d9b96adb
-
- # For Snyk Open Source you must first set up the development environment for your application's dependencies
- # For example for Node
- #- uses: actions/setup-node@v3
- # with:
- # node-version: 16
-
env:
# This is where you will need to introduce the Snyk API token created with your Snyk account
SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
@@ -46,14 +39,20 @@ jobs:
# Runs Snyk Code (SAST) analysis and uploads result into GitHub.
# Use || true to not fail the pipeline
- name: Snyk Code test
+ uses: snyk/actions/python-3.8@master
+ continue-on-error: true
run: snyk code test -d --sarif > snyk-code.sarif # || true
env:
SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
+ with:
+ args: --severity-threshold=high
- name: Build a Docker image
+ continue-on-error: true
run: docker build -t ${{ matrix.dockerfile }} .
# Runs Snyk Container (Container and SCA) analysis and uploads result to Snyk.
- name: Snyk Container monitor
+ continue-on-error: true
run: snyk container monitor ${{ matrix.image }} --file=${{ matrix.dockerfile }}
env:
SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
diff --git a/.gitignore b/.gitignore
index 3735a98..0082789 100644
--- a/.gitignore
+++ b/.gitignore
@@ -13,3 +13,4 @@ docker-compose.yaml
tmp/
wazuh_indexer_ssl_certs
snyk-code.sarif
+.dccache
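Review bot: In the second hunk of `.github/workflows/snyk-security.yml` the `Snyk Code test` step now carries both `uses: snyk/actions/python-3.8@master` and a `run:` line, and GitHub Actions rejects a step that sets both keys, so the workflow will fail validation before any scan runs; the added `with: args:` block is likewise only honoured on `uses:` steps and is dead alongside `run:`. Since `snyk/actions/setup@806182…` earlier in the job already installs the CLI, the simplest fix is to drop the `uses:` and `with:` lines and fold the threshold into the command: `run: snyk code test -d --severity-threshold=high --sarif > snyk-code.sarif`. If the container action is kept instead, pin it to a full commit SHA as the setup step does — `@master` is a mutable ref that lets an upstream change run with `SNYK_TOKEN` in its environment — and note that the action's default command appears to be the Open Source `test`, so `command: code test` would presumably be required to keep this a SAST scan (verify against the action's inputs). Separately, `continue-on-error: true` on `Build a Docker image` lets `Snyk Container monitor` run against an image that may not exist, masking build failures, so consider leaving the build step fail-fast. The enclosing job definition starts outside this hunk.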