fix: Dockerfile to reduce vulnerabilities #18
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Prebuilt repo + Snyk Security Scanning (OS, Code, Docker, IaC) | |
# Runs 4 Snyk Products (Code, Open Source, Container, IaC) | |
# Snyk installation via npm | |
# Node.js version: 18.4 | |
# Outputs the results to the pipeline and in SARIF-format to the security tab | |
# Prerequisites: | |
# - Set a SNYK_TOKEN and a SNYK_ORG in the pipelines secrets | |
on: [push, pull_request] | |
jobs: | |
build: | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v2 | |
- name: Use Node.js for installing Snyk | |
uses: actions/setup-node@v2 | |
with: | |
node-version: 18.4 | |
# Install & prepare Snyk | |
- run: npm install --location=global snyk | |
# This OPTIONAL step will configure the Snyk CLI to connect to the EU instance of Snyk | |
#- run: snyk config set use-base64-encoding=true | |
#- run: snyk config set endpoint='https://app.eu.snyk.io/api' | |
- run: snyk auth ${{ secrets.SNYK_TOKEN }} | |
- name: Snyk Monitor | |
run: snyk monitor | |
- name: Snyk Open Source Scanning | |
run: snyk test --all-projects --sarif-file-output=snyk-oss.sarif | |
continue-on-error: true | |
#- name: Upload results to GitHub Open Source Scanning | |
# uses: github/codeql-action/upload-sarif@v2 | |
# with: | |
# sarif_file: snyk-oss.sarif | |
- name: Snyk Code Scanning | |
run: snyk code test --sarif-file-output=snyk-code.sarif | |
continue-on-error: true | |
# - name: Upload results to GitHub Code Scanning | |
# uses: github/codeql-action/upload-sarif@v2 | |
# with: | |
# sarif_file: snyk-code.sarif |