Install `nvm` on jenkins builders

[grzesuav]

In order to enable snyk analysis, I would need nvm installed, to use it for install npm and snyk

[karianna]

We should identify the scope of which Docker containers we want to scan and where and when. My understanding is that we currently:

1. via openjdk-build scripts, we run the build in a docker container to test that our "build in a docker container" functionality works for users outside of Adopt (as in Adopt we currently build on 'bare metal' (or close enough to it). This functionality isn't well tested/maintained and we don't release these via our API or website.

2. via openjdk-docker we create docker builds using various linux distros as baselines and provide slim versions, full versions etc. The results of these docker builds are pushed to DockerHub

3. via openjdk-tests (and friends) we do a host of testing using underlying docker containers to host the env / tests

So my question which of these do we want to scan and when/why.

[grzesuav]

I would suggest that most beneficial would be hook it into 2. as :

• those scripts are relatively simple
• they are used to produce AdoptOpenJDK docker images

[karianna]

OK, given snyk is enabled for that repo - does that integration not check the resulting image? Or does the GitHub integration not scan containers?

[grzesuav]

github integration does not scan Dockerfiles/images

[grzesuav]

https://snyk.io/docs/github/#integration-features