@@ -111,53 +111,56 @@ jobs:
111111 run : |
112112 docker run --rm ${{ env.IMAGE_NAME }}:test make test
113113
114- security :
115- name : " Snyk Container"
116- runs-on : ubuntu-24.04
117- needs : build
118- permissions :
119- actions : read
120- contents : read
121- security-events : write
122- steps :
123- - uses : actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
124- - name : Download artifact
125- uses : actions/download-artifact@v4
126- with :
127- name : ${{ env.ARTIFACT_NAME }}_prod
128- path : /tmp/
129-
130- - name : Load image
131- run : |
132- docker load --input /tmp/${{ env.ARTIFACT_NAME }}_prod.tar
133- docker image ls -a
114+ # yamllint disable rule:line-length
115+ # security:
116+ # name: "Snyk Container"
117+ # runs-on: ubuntu-24.04
118+ # needs: build
119+ # permissions:
120+ # actions: read
121+ # contents: read
122+ # security-events: write
123+ # steps:
124+ # - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
125+ # - name: Download artifact
126+ # uses: actions/download-artifact@v4
127+ # with:
128+ # name: ${{ env.ARTIFACT_NAME }}_prod
129+ # path: /tmp/
130+
131+ # - name: Load image
132+ # run: |
133+ # docker load --input /tmp/${{ env.ARTIFACT_NAME }}_prod.tar
134+ # docker image ls -a
135+
136+ # - name: Run Snyk to check Docker image for vulnerabilities
137+ # # Snyk can be used to break the build when it detects vulnerabilities.
138+ # # In this case we want to upload the issues to GitHub Code Scanning
139+ # continue-on-error: true
140+ # uses: snyk/actions/docker@master
141+ # env:
142+ # # yamllint disable rule:line-length
143+ # # In order to use the Snyk Action you will need to have a Snyk API token.
144+ # # See https://docs.snyk.io/integrations/ci-cd-integrations/github-actions-integration#getting-your-snyk-token
145+ # # or you can sign up for free at https://snyk.io/login
146+ # # yamllint enable rule:line-length
147+ # SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
148+ # with:
149+ # image: ${{ env.IMAGE_NAME }}:${{ github.sha }}
150+ # args: --file=Dockerfile
151+ # # yamllint disable rule:line-length
152+ # # https://github.com/github/codeql-action/issues/2187#issuecomment-2043220400
153+ # - name: Replace security-severity undefined for license-related findings
154+ # run: |
155+ # sed -i 's/"security-severity": "undefined"/"security-severity": "0"/g' snyk.sarif
156+ # sed -i 's/"security-severity": "null"/"security-severity": "0"/g' snyk.sarif
157+ # # yamllint enable rule:line-length
158+ # - name: Upload result to GitHub Code Scanning
159+ # uses: github/codeql-action/upload-sarif@v3
160+ # with:
161+ # sarif_file: 'snyk.sarif'
162+ # yamllint enable rule:line-length
134163
135- name : Run Snyk to check Docker image for vulnerabilities
136- # Snyk can be used to break the build when it detects vulnerabilities.
137- # In this case we want to upload the issues to GitHub Code Scanning
138- continue-on-error : true
139- uses : snyk/actions/docker@master
140- env :
141- # yamllint disable rule:line-length
142- # In order to use the Snyk Action you will need to have a Snyk API token.
143- # See https://docs.snyk.io/integrations/ci-cd-integrations/github-actions-integration#getting-your-snyk-token
144- # or you can sign up for free at https://snyk.io/login
145- # yamllint enable rule:line-length
146- SNYK_TOKEN : ${{ secrets.SNYK_TOKEN }}
147- with :
148- image : ${{ env.IMAGE_NAME }}:${{ github.sha }}
149- args : --file=Dockerfile
150- # yamllint disable rule:line-length
151- # https://github.com/github/codeql-action/issues/2187#issuecomment-2043220400
152- - name : Replace security-severity undefined for license-related findings
153- run : |
154- sed -i 's/"security-severity": "undefined"/"security-severity": "0"/g' snyk.sarif
155- sed -i 's/"security-severity": "null"/"security-severity": "0"/g' snyk.sarif
156- # yamllint enable rule:line-length
157- - name : Upload result to GitHub Code Scanning
158- uses : github/codeql-action/upload-sarif@v3
159- with :
160- sarif_file : ' snyk.sarif'
161164 scan :
162165 name : " Trivy"
163166 runs-on : ubuntu-24.04
0 commit comments