
Commit c9046f1

author
Gonzalo Diaz
committed
[CONFIG] Docker: snyk disabled.
1 parent 4a39672 commit c9046f1


1 file changed

+49
-46
lines changed


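--- a/.github/workflows/docker-image.yml
+++ b/.github/workflows/docker-image.yml
@@ -109,53 +109,56 @@ jobs:
 run: |
 docker run --rm ${{ env.IMAGE_NAME }}:test make test
 
-security:
-name: "Snyk Container"
-runs-on: ubuntu-24.04
-needs: build
-permissions:
-actions: read
-contents: read
-security-events: write
-steps:
-- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
-- name: Download artifact
-uses: actions/download-artifact@v4
-with:
-name: ${{ env.ARTIFACT_NAME }}_prod
-path: /tmp/
-
-- name: Load image
-run: |
-docker load --input /tmp/${{ env.ARTIFACT_NAME }}_prod.tar
-docker image ls -a
+# yamllint disable rule:line-length
+# security:
+# name: "Snyk Container"
+# runs-on: ubuntu-24.04
+# needs: build
+# permissions:
+# actions: read
+# contents: read
+# security-events: write
+# steps:
+# - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
+# - name: Download artifact
+# uses: actions/download-artifact@v4
+# with:
+# name: ${{ env.ARTIFACT_NAME }}_prod
+# path: /tmp/
+
+# - name: Load image
+# run: |
+# docker load --input /tmp/${{ env.ARTIFACT_NAME }}_prod.tar
+# docker image ls -a
+
+# - name: Run Snyk to check Docker image for vulnerabilities
+# # Snyk can be used to break the build when it detects vulnerabilities.
+# # In this case we want to upload the issues to GitHub Code Scanning
+# continue-on-error: true
+# uses: snyk/actions/docker@master
+# env:
+# # yamllint disable rule:line-length
+# # In order to use the Snyk Action you will need to have a Snyk API token.
+# # See https://docs.snyk.io/integrations/ci-cd-integrations/github-actions-integration#getting-your-snyk-token
+# # or you can sign up for free at https://snyk.io/login
+# # yamllint enable rule:line-length
+# SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
+# with:
+# image: ${{ env.IMAGE_NAME }}:${{ github.sha }}
+# args: --file=Dockerfile
+# # yamllint disable rule:line-length
+# # https://github.com/github/codeql-action/issues/2187#issuecomment-2043220400
+# - name: Replace security-severity undefined for license-related findings
+# run: |
+# sed -i 's/"security-severity": "undefined"/"security-severity": "0"/g' snyk.sarif
+# sed -i 's/"security-severity": "null"/"security-severity": "0"/g' snyk.sarif
+# # yamllint enable rule:line-length
+# - name: Upload result to GitHub Code Scanning
+# uses: github/codeql-action/upload-sarif@v3
+# with:
+# sarif_file: "snyk.sarif"
+# yamllint enable rule:line-length
 
-- name: Run Snyk to check Docker image for vulnerabilities
-# Snyk can be used to break the build when it detects vulnerabilities.
-# In this case we want to upload the issues to GitHub Code Scanning
-continue-on-error: true
-uses: snyk/actions/docker@master
-env:
-# yamllint disable rule:line-length
-# In order to use the Snyk Action you will need to have a Snyk API token.
-# See https://docs.snyk.io/integrations/ci-cd-integrations/github-actions-integration#getting-your-snyk-token
-# or you can sign up for free at https://snyk.io/login
-# yamllint enable rule:line-length
-SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
-with:
-image: ${{ env.IMAGE_NAME }}:${{ github.sha }}
-args: --file=Dockerfile
-# yamllint disable rule:line-length
-# https://github.com/github/codeql-action/issues/2187#issuecomment-2043220400
-- name: Replace security-severity undefined for license-related findings
-run: |
-sed -i 's/"security-severity": "undefined"/"security-severity": "0"/g' snyk.sarif
-sed -i 's/"security-severity": "null"/"security-severity": "0"/g' snyk.sarif
-# yamllint enable rule:line-length
-- name: Upload result to GitHub Code Scanning
-uses: github/codeql-action/upload-sarif@v3
-with:
-sarif_file: "snyk.sarif"
 scan:
 name: "Trivy"
 runs-on: ubuntu-24.04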
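Review bot: The Snyk container scan is switched off by commenting out the whole `security` job (new lines 112–160), and neither the commit message nor the block records why it was disabled or what would bring it back. Commented-out workflow YAML is no longer parsed by Actions or checked by the linter, so it tends to rot unnoticed. A job-level `if: false  # disabled: <reason / tracking issue>` would keep the job validated and show the gap as a skipped check; deleting the job and relying on history is the other option. The `scan` (Trivy) job that follows seems to be the only remaining image scanner, but its steps continue past the hunk, so confirm it still uploads findings to Code Scanning. If the block is ever restored, pin `snyk/actions/docker@master` to a commit SHA as the checkout step already is, since that step receives `SNYK_TOKEN`.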
