chore: Add snyk docker scanning feature #289
Closed
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
grzesuav
force-pushed
the
snyk_docker_scanning
branch
from
a5f0b7c
to
44b0cd5
Compare
|
For now added simple script to check existence and load |
|
@grzesuav Will need a rebase. |
grzesuav
force-pushed
the
snyk_docker_scanning
branch
6 times, most recently
from
169039a
to
4910bbb
Compare
|
@grzesuav https://travis-ci.com/github/AdoptOpenJDK/openjdk-docker/jobs/297127853 seems to fail (some of the 13 builds passed OK). Might need to dig in if Snyk is causing errors downstream for some reason. |
grzesuav
force-pushed
the
snyk_docker_scanning
branch
2 times, most recently
from
c04ff51
to
91bd58a
Compare
|
not sure why build is failing as it happens after snyk is installed. For now I haven;t even try to scan anything, will try to debug tommorow |
grzesuav
force-pushed
the
snyk_docker_scanning
branch
7 times, most recently
from
5b3aa36
to
419d5c8
Compare
|
@grzesuav It's now passed the tests, so I guess you can take out the debug and try again? |
grzesuav
force-pushed
the
snyk_docker_scanning
branch
5 times, most recently
from
9ec0ca1
to
8e9a6d3
Compare
grzesuav
force-pushed
the
snyk_docker_scanning
branch
2 times, most recently
from
793e082
to
d294c75
Compare
|
@grzesuav - I think this is good? |
grzesuav
force-pushed
the
snyk_docker_scanning
branch
from
d294c75
to
702fc08
Compare
grzesuav
force-pushed
the
snyk_docker_scanning
branch
from
702fc08
to
a548239
Compare
karianna
requested changes
Mar 25, 2020
| done | ||
| local tags=("${@[@]}") # copy arguments to local array | ||
| for i in "${tags[@]}" | ||
| do |
|
|
||
| printf -v expanded_tags "-t ${repo}:%s " "${tags[@]}" # concatenate to single strin : -t repo:tag -t repo:tag2 |
| for i in "${tags[@]}" | ||
| do | ||
| printf "...scanning %s" "${tags[$i]}" | ||
| snyk test --docker "${tags[$i]}" --file=="${dockerfile}" |
| #!/usr/bin/env bash | ||
| if [ -z "${SNYK_AUTH_TOKEN}" ];then | ||
| printf "Snyk authentication token not set, skipping snyk analysis" | ||
| return |
|
|
||
| snyk auth "${SNYK_AUTH_TOKEN}" | ||
|
|
||
|
|
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
For testing adoptium/infrastructure#779