diff --git a/.github/workflows/snyk-scans-cli.yml b/.github/workflows/snyk-scans-cli.yml
new file mode 100644
index 00000000000..58232e1ea1d
--- /dev/null
+++ b/.github/workflows/snyk-scans-cli.yml
@@ -0,0 +1,69 @@
+name: Snyk Full Platform
+
+on:
+ push:
+ branches: [ "master" ]
+ pull_request:
+ branches: [ "master" ]
+
+jobs:
+
+ snyk-os:
+ environment: snyk
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@master
+ - name: Install Snyk CLI
+ run: |
+ wget -O snyk https://static.snyk.io/cli/latest/snyk-linux
+ chmod +x ./snyk
+ mv ./snyk /usr/local/bin/
+ - name: Authenticate and run Snyk Open Source Scan + Monitor
+ run: |
+ snyk auth ${{ secrets.SNYK_TOKEN }}
+ snyk test
+ snyk monitor
+
+ snyk-code:
+ environment: snyk
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@master
+ - name: Install Snyk CLI
+ run: |
+ wget -O snyk https://static.snyk.io/cli/latest/snyk-linux
+ chmod +x ./snyk
+ mv ./snyk /usr/local/bin/
+ - name: Configure and run Snyk Code Scan
+ run: |
+ snyk auth ${{ secrets.SNYK_TOKEN }}
+ snyk code test
+
+ snyk-container:
+ environment: snyk
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@master
+ - name: Build the Docker image
+ run: docker build . --file Dockerfile --tag boosef-juiceshop:latest
+ - name: Install Snyk CLI
+ run: |
+ wget -O snyk https://static.snyk.io/cli/latest/snyk-linux
+ chmod +x ./snyk
+ mv ./snyk /usr/local/bin/
+ - name: Scan and Monitor Docker Vulnerabilities
+ run: |
+ snyk auth ${{ secrets.SNYK_TOKEN }}
+ snyk container test juice-shop --file=Dockerfile
+ snyk container monitor juice-shop --file=Dockerfile
+
+ snyk-iac:
+ environment: snyk
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@master
+ - name: Run and monitor Snyk to check configuration files for security issues
+ run: |
+ snyk auth ${{ secrets.SNYK_TOKEN }}
+ snyk iac test --report
+
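Review bot: Each `Install Snyk CLI` step downloads `cli/latest/snyk-linux` and executes it with no integrity check, in jobs that then hand it `SNYK_TOKEN`, and every job checks out with the mutable ref `actions/checkout@master`; pin a reviewed CLI release, verify its SHA-256 before `chmod +x`, and pin the action to a release tag or commit SHA. The token is also expanded into the script text by `snyk auth ${{ secrets.SNYK_TOKEN }}`; setting `SNYK_TOKEN` under the step's `env:` keeps it off the command line, and the CLI reads that variable without a separate `snyk auth`. In `snyk-container` the image is built as `boosef-juiceshop:latest` but the test and monitor commands name `juice-shop`, so the image that was just built does not appear to be the one scanned. The `snyk-iac` job has no install step, so `snyk` is presumably not on the runner's PATH there and the job would fail before scanning. The excerpt below shows the install and container-scan steps with these changes; the version and hash are placeholders to be filled from a release you have reviewed.

```yaml
      - name: Install Snyk CLI
        run: |
          # <PINNED_VERSION> and <EXPECTED_SHA256> are placeholders for a reviewed release
          wget -O snyk-linux https://static.snyk.io/cli/<PINNED_VERSION>/snyk-linux
          echo "<EXPECTED_SHA256>  snyk-linux" | sha256sum -c -
          chmod +x ./snyk-linux
          mv ./snyk-linux /usr/local/bin/snyk
      - name: Scan and Monitor Docker Vulnerabilities
        env:
          SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
        run: |
          snyk container test boosef-juiceshop:latest --file=Dockerfile
          snyk container monitor boosef-juiceshop:latest --file=Dockerfile
      # … unchanged: checkout and docker build steps; same install/env pattern applies to the other jobs …
```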