This repository has been archived by the owner on Jul 20, 2022. It is now read-only.

Commit
ci: Scanning with Snyk (#13)
lholota authored Jul 27, 2020
1 parent ecb9681 commit 3f9aa41
Showing 4 changed files with 24 additions and 3 deletions.
9 changes: 8 additions & 1 deletion .github/workflows/ci.yml
Expand Up @@ -36,4 +36,11 @@ jobs:
uses: phonito/phonito-scanner-action@master
with:
image: ${{ env.IMAGE_NAME }}:${{ steps.vars.outputs.docker_tag }}
phonito-token: '${{ secrets.PHONITO_TOKEN }}'
phonito-token: '${{ secrets.PHONITO_TOKEN }}'

- name: Scan with Snyk
uses: snyk/actions/[email protected]
env:
SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
with:
image: ${{ env.IMAGE_NAME }}:${{ steps.vars.outputs.docker_tag }}
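Review bot: the new `Scan with Snyk` step only runs when the preceding Phonito step succeeds, so a Phonito failure silently skips the Snyk scan; add `if: always()` to the Snyk step if the two scanners are meant to report independently. Note also the mixed pinning in this job: `snyk/actions/[email protected]` is pinned to a release tag, while `phonito/phonito-scanner-action@master` just above it tracks a mutable branch, so the two scanners do not get the same supply-chain guarantee; pinning both (a commit SHA is the strictest option) would fix that. The doubled `phonito-token` line is only the old file's missing trailing newline being corrected.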
7 changes: 7 additions & 0 deletions .github/workflows/ci_cd.yml
Expand Up @@ -49,6 +49,13 @@ jobs:
image: ${{ env.IMAGE_NAME }}:${{ env.RELEASE_VERSION }}
phonito-token: '${{ secrets.PHONITO_TOKEN }}'

- name: Scan with Snyk
uses: snyk/actions/[email protected]
env:
SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
with:
image: ${{ env.IMAGE_NAME }}:${{ env.RELEASE_VERSION }}

- name: "Tag image as latest"
if: env.RELEASE_VERSION != ''
run: "docker tag $IMAGE_NAME:$RELEASE_VERSION $IMAGE_NAME:latest"
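Review bot: placing the Snyk step ahead of `Tag image as latest` means a failing scan (Snyk's `test` command exits non-zero when it finds issues) blocks promotion of the release image to `latest`, which is the right gate for a CD workflow; if that is the intent, a one-line comment on the step would make it explicit, and if only reporting is wanted the step needs `continue-on-error: true`. The step body is identical to the one added in ci.yml apart from the tag expression, so the three copies will have to be kept in sync by hand.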
9 changes: 8 additions & 1 deletion .github/workflows/regular_scan.yml
Expand Up @@ -17,4 +17,11 @@ jobs:
uses: phonito/phonito-scanner-action@master
with:
image: ${{ env.IMAGE_NAME }}:latest
phonito-token: '${{ secrets.PHONITO_TOKEN }}'
phonito-token: '${{ secrets.PHONITO_TOKEN }}'

- name: Scan with Snyk
uses: snyk/actions/[email protected]
env:
SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
with:
image: ${{ env.IMAGE_NAME }}:latest
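Review bot: this scheduled scan targets the mutable `:latest` tag, so which build was actually scanned depends on what `latest` resolved to at run time; logging the image digest in the run (or scanning by digest) would let a finding in the Actions log be tied to a specific build. As in the other two workflows, this step is skipped whenever the Phonito step before it fails unless it carries `if: always()`.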
2 changes: 1 addition & 1 deletion SECURITY.md
Expand Up @@ -10,6 +10,6 @@ Known security issues will be published in GitHub repository's Security / Securi

## Automated processes

The Docker image is scanned for vulnerabilities every 24 hours using [Phonito.io](https://phonito.io/?b=a). You can see the scan status under the actions tab / Regular Docker image vulnerability scan.
The Docker image is scanned for vulnerabilities every 24 hours using [Phonito.io](https://phonito.io/?b=a) and [Snyk](https://snyk.io). You can see the scan status under the actions tab / Regular Docker image vulnerability scan.

The dependencies are automatically scanned using [Dependabot](https://dependabot.com/). Dependencies are regularly updated. You can check for pending dependency updates by listing open Pull requests with the "dependencies" label.
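Review bot: the updated sentence now names Snyk but still directs readers only to the "Regular Docker image vulnerability scan" workflow, while this same commit also adds the Snyk scan to the CI and CI/CD workflows; a short mention that pull request and release builds are scanned as well, and that a failing scan blocks the release tag, would keep SECURITY.md in step with the workflows it describes.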

0 comments on commit 3f9aa41