Remove snyk and use docker lint

mjanez · Sep 14, 2023 · a7c9e4c · a7c9e4c
1 parent d60b620
commit a7c9e4c
Show file tree

Hide file tree

Showing 2 changed files with 9 additions and 51 deletions.
diff --git a/.github/workflows/docker-dev.yaml b/.github/workflows/docker-dev.yaml
@@ -53,33 +53,4 @@ jobs:
  tags: ${{ steps.meta.outputs.tags }}
  labels: ${{ steps.meta.outputs.labels }}
  context: ${{ env.CONTEXT }}
- file: ${{ env.CONTEXT }}${{ env.DOCKERFILE_PATH }}/${{ env.DOCKERFILE }}
-
- scan_docker_image:
- permissions: write-all
- runs-on: ubuntu-latest
- needs: [ docker ]
- steps:
- - name: Checkout 
- uses: actions/checkout@v4
-
- - name: Log in to the Container registry
- uses: docker/login-action@v3
- with:
- registry: ${{ env.REGISTRY }}
- username: ${{ github.actor }}
- password: ${{ secrets.GITHUB_TOKEN }}
-
- - name: Scan Docker image
- uses: snyk/actions/docker@master
- continue-on-error: true
- with:
- image: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
- args: --file=Dockerfile --severity-threshold=high --sarif-file-output=snyk.sarif
- env:
- SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
-
- - name: Upload Snyk report as sarif
- uses: github/codeql-action/upload-sarif@v2
- with:
- sarif_file: snyk.sarif
+ file: ${{ env.CONTEXT }}${{ env.DOCKERFILE_PATH }}/${{ env.DOCKERFILE }}
diff --git a/.github/workflows/docker.yaml b/.github/workflows/docker.yaml
@@ -60,26 +60,13 @@ jobs:
  runs-on: ubuntu-latest
  needs: [ docker ]
  steps:
- - name: Checkout 
- uses: actions/checkout@v4
-
- - name: Log in to the Container registry
- uses: docker/login-action@v3
- with:
- registry: ${{ env.REGISTRY }}
- username: ${{ github.actor }}
- password: ${{ secrets.GITHUB_TOKEN }}
-
- - name: Scan Docker image
- uses: snyk/actions/docker@master
+ - name: Scan & lint image
+ uses: ISID/[email protected]
  continue-on-error: true
  with:
- image: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
- args: --file=Dockerfile --severity-threshold=high --sarif-file-output=snyk.sarif
- env:
- SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
-
- - name: Upload Snyk report as sarif
- uses: github/codeql-action/upload-sarif@v2
- with:
- sarif_file: snyk.sarif
+ tag: ${{ env.IMAGE_NAME }}
+ path: ${{ env.CONTEXT }}${{ env.DOCKERFILE_PATH }}
+ dockerfile: ${{ env.DOCKERFILE }}
+ hadolint-severity: error
+ dockle-severity: FATAL
+ trivy-severity: HIGH,CRITICAL