[Snyk] Security upgrade npmconf from 0.0.24 to 2.1.3 #275
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Docker Image CI including Snyk Security Scanning | |
on: | |
push: | |
branches: [ master ] | |
pull_request: | |
branches: [ master ] | |
jobs: | |
build: | |
runs-on: ubuntu-latest | |
env: | |
container_image: nodejs-goof:latest | |
strategy: | |
matrix: | |
node-version: [12.x] | |
# See supported Node.js release schedule at https://nodejs.org/en/about/releases/ | |
steps: | |
- uses: actions/checkout@v2 | |
- name: Use Node.js ${{ matrix.node-version }} | |
uses: actions/setup-node@v2 | |
with: | |
node-version: ${{ matrix.node-version }} | |
cache: 'npm' | |
- run: npm install | |
- run: npm i -g snyk | |
- run: snyk auth ${{ secrets.SNYK_TOKEN }} | |
- name: Snyk Open Source Scanning | |
run: snyk test --org=github-dfl --sarif-file-output=snyk-oss.sarif | |
continue-on-error: true | |
- name: Upload result to GitHub Security Center | |
uses: github/codeql-action/upload-sarif@v1 | |
with: | |
sarif_file: snyk-oss.sarif | |
- name: Snyk Code Scanning | |
run: snyk code test --org=github-dfl --sarif-file-output=snyk-code.sarif | |
continue-on-error: true | |
- name: Upload result to GitHub Security Center | |
uses: github/codeql-action/upload-sarif@v1 | |
with: | |
sarif_file: snyk-code.sarif | |
- name: Build the Docker image | |
run: docker build . --file Dockerfile --tag $container_image | |
- name: Snyk Container Scanning | |
run: snyk container test --org=github-dfl --file=Dockerfile --sarif-file-output=snyk-container.sarif $container_image | |
continue-on-error: true | |
- name: Upload result to GitHub Security Center | |
uses: github/codeql-action/upload-sarif@v1 | |
with: | |
sarif_file: snyk-container.sarif | |
- name: Snyk Infrastructure-as-Code Scanning | |
run: snyk iac test --org=github-dfl --sarif-file-output=snyk-iac.sarif | |
continue-on-error: true | |
- name: Upload result to GitHub Security Center | |
uses: github/codeql-action/upload-sarif@v1 | |
with: | |
sarif_file: snyk-iac.sarif |