Skip to content
Snyk Scan

feat: bitbucket cloud support - RK-19712 #293

Sign in to view logs

feat: bitbucket cloud support - RK-19712

feat: bitbucket cloud support - RK-19712 #293

Workflow file for this run

.github/workflows/snyk.yaml at 9aec7a4
name: Snyk Scan
on:
pull_request:
branches: ["main"]
permissions:
contents: read
jobs:
snyk-container:
permissions:
contents: read # for actions/checkout to fetch code
security-events: write # for github/codeql-action/upload-sarif to upload SARIF results
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- uses: actions/setup-go@v4
with:
go-version: "1.20"
cache: true
- uses: docker/setup-qemu-action@v2
- uses: docker/setup-buildx-action@v2
- name: Build Docker Image without push
uses: docker/build-push-action@v4
with:
context: .
push: false
tags: rookout/piper:latest
cache-from: type=gha
cache-to: type=gha,mode=max
load: true
- name: Run Snyk to check Docker image for vulnerabilities
uses: snyk/actions/docker@master
env:
SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
with:
image: rookout/piper:latest
args: --file=Dockerfile --severity-threshold=high --sarif-file-output=snyk.sarif
- name: Upload result to GitHub Code Scanning
uses: github/codeql-action/upload-sarif@v2
with:
sarif_file: snyk.sarif
snyk-golang:
permissions:
contents: read # for actions/checkout to fetch code
security-events: write # for github/codeql-action/upload-sarif to upload SARIF results
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- uses: actions/setup-go@v4
with:
go-version: "1.20"
cache: true
- name: Run Snyk to check for vulnerabilities
uses: snyk/actions/golang@master
env:
SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
with:
args: --sarif-file-output=snyk.sarif --severity-threshold=high
- name: Upload result to GitHub Code Scanning
uses: github/codeql-action/upload-sarif@v2
with:
sarif_file: snyk.sarif