Remove snyk and use docker lint
mjanez committed Sep 14, 2023
1 parent d60b620 commit a7c9e4c
Showing 2 changed files with 9 additions and 51 deletions.
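--- a/.github/workflows/docker-dev.yaml
+++ b/.github/workflows/docker-dev.yaml
@@ -53,33 +53,4 @@ jobs:
 tags: ${{ steps.meta.outputs.tags }}
 labels: ${{ steps.meta.outputs.labels }}
 context: ${{ env.CONTEXT }}
-file: ${{ env.CONTEXT }}${{ env.DOCKERFILE_PATH }}/${{ env.DOCKERFILE }}
-
-scan_docker_image:
-permissions: write-all
-runs-on: ubuntu-latest
-needs: [ docker ]
-steps:
-- name: Checkout
-uses: actions/checkout@v4
-
-- name: Log in to the Container registry
-uses: docker/login-action@v3
-with:
-registry: ${{ env.REGISTRY }}
-username: ${{ github.actor }}
-password: ${{ secrets.GITHUB_TOKEN }}
-
-- name: Scan Docker image
-uses: snyk/actions/docker@master
-continue-on-error: true
-with:
-image: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
-args: --file=Dockerfile --severity-threshold=high --sarif-file-output=snyk.sarif
-env:
-SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
-
-- name: Upload Snyk report as sarif
-uses: github/codeql-action/upload-sarif@v2
-with:
-sarif_file: snyk.sarif
+file: ${{ env.CONTEXT }}${{ env.DOCKERFILE_PATH }}/${{ env.DOCKERFILE }}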
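--- a/.github/workflows/docker.yaml
+++ b/.github/workflows/docker.yaml
@@ -60,26 +60,13 @@ jobs:
 runs-on: ubuntu-latest
 needs: [ docker ]
 steps:
-- name: Checkout
-uses: actions/checkout@v4
-
-- name: Log in to the Container registry
-uses: docker/login-action@v3
-with:
-registry: ${{ env.REGISTRY }}
-username: ${{ github.actor }}
-password: ${{ secrets.GITHUB_TOKEN }}
-
-- name: Scan Docker image
-uses: snyk/actions/docker@master
+- name: Scan & lint image
+uses: ISID/[email protected]
 continue-on-error: true
 with:
-image: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
-args: --file=Dockerfile --severity-threshold=high --sarif-file-output=snyk.sarif
-env:
-SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
-
-- name: Upload Snyk report as sarif
-uses: github/codeql-action/upload-sarif@v2
-with:
-sarif_file: snyk.sarif
+tag: ${{ env.IMAGE_NAME }}
+path: ${{ env.CONTEXT }}${{ env.DOCKERFILE_PATH }}
+dockerfile: ${{ env.DOCKERFILE }}
+hadolint-severity: error
+dockle-severity: FATAL
+trivy-severity: HIGH,CRITICAL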
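Review bot: `continue-on-error: true` is kept on the new `Scan & lint image` step, so the `hadolint-severity`, `dockle-severity` and `trivy-severity` thresholds set under `with:` cannot fail the job, and with the SARIF upload step removed the findings now appear to live only in the job log. Either drop `continue-on-error: true` so HIGH/CRITICAL results block the workflow, or keep a step that publishes the report somewhere reviewers will see it. The `Checkout` step is removed while `path` and `dockerfile` point into the repository; unless the action checks out the source itself, the step would fail on a missing Dockerfile and the same flag would hide that failure. The action ref is garbled on this page but looks like a version tag, so pinning it to a full commit SHA (`uses: <owner>/<action>@<full-commit-sha>`) would protect against a re-pointed tag. The job's first lines are above the hunk, and this commit leaves docker-dev.yaml with no image scan at all, which is worth confirming as intended.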
