diff --git a/.github/workflows/snyk-container-analysis.yml b/.github/workflows/snyk-container-analysis.yml deleted file mode 100644 index c28097166..000000000 --- a/.github/workflows/snyk-container-analysis.yml +++ /dev/null @@ -1,43 +0,0 @@ -# A sample workflow which checks out the code, builds a container -# image using Docker and scans that image for vulnerabilities using -# Snyk. The results are then uploaded to GitHub Security Code Scanning -# -# For more examples, including how to limit scans to only high-severity -# issues, monitor images for newly disclosed vulnerabilities in Snyk and -# fail PR checks for new vulnerabilities, see https://github.com/snyk/actions/ - -name: Snyk Container - -on: - push: - branches: [ master ] - pull_request: - # The branches below must be a subset of the branches above - branches: [ master ] - schedule: - - cron: '17 20 * * 4' - -jobs: - snyk: - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v2 - - name: Build a Docker image - run: docker build -t your/image-to-test . - - name: Run Snyk to check Docker image for vulnerabilities - # Snyk can be used to break the build when it detects vulnerabilities. - # In this case we want to upload the issues to GitHub Code Scanning - continue-on-error: true - uses: snyk/actions/docker@master - env: - # In order to use the Snyk Action you will need to have a Snyk API token. - # More details in https://github.com/snyk/actions#getting-your-snyk-token - # or you can signup for free at https://snyk.io/login - SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }} - with: - image: your/image-to-test - args: --file=Dockerfile - - name: Upload result to GitHub Code Scanning - uses: github/codeql-action/upload-sarif@v1 - with: - sarif_file: snyk.sarif diff --git a/.github/workflows/snyk-infrastructure-analysis.yml b/.github/workflows/snyk-infrastructure-analysis.yml deleted file mode 100644 index d0242046b..000000000 --- a/.github/workflows/snyk-infrastructure-analysis.yml +++ /dev/null @@ -1,42 +0,0 @@ -# A sample workflow which checks out your Infrastructure as Code Configuration files, -# such as Kubernetes, Helm & Terraform and scans them for any security issues. -# The results are then uploaded to GitHub Security Code Scanning -# -# For more examples, including how to limit scans to only high-severity issues -# and fail PR checks, see https://github.com/snyk/actions/ - -name: Snyk Infrastructure as Code - -on: - push: - branches: [ master ] - pull_request: - # The branches below must be a subset of the branches above - branches: [ master ] - schedule: - - cron: '38 15 * * 6' - -jobs: - snyk: - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v2 - - name: Run Snyk to check configuration files for security issues - # Snyk can be used to break the build when it detects security issues. - # In this case we want to upload the issues to GitHub Code Scanning - continue-on-error: true - uses: snyk/actions/iac@master - env: - # In order to use the Snyk Action you will need to have a Snyk API token. - # More details in https://github.com/snyk/actions#getting-your-snyk-token - # or you can signup for free at https://snyk.io/login - SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }} - with: - # Add the path to the configuration file that you would like to test. - # For example `deployment.yaml` for a Kubernetes deployment manifest - # or `main.tf` for a Terraform configuration file - file: your-file-to-test.yaml - - name: Upload result to GitHub Code Scanning - uses: github/codeql-action/upload-sarif@v1 - with: - sarif_file: snyk.sarif