
Commit

Merge branch 'snyk-opensource' of https://github.com/raphabot-snyk/ju…
…ice-shop into snyk-opensource
raphabot-snyk committed Jan 17, 2024
2 parents 6aaeaae + 22e78e8 commit 3e0cf75
Showing 3 changed files with 90 additions and 35 deletions.
89 changes: 72 additions & 17 deletions .github/workflows/on-pr.yaml
@@ -19,7 +19,18 @@ jobs:
uses: snyk/actions/node@master
continue-on-error: true
with:
args: --all-projects --org=$SNYK_ORG_ID
args: --all-projects --org=$SNYK_ORG_ID --json-file-output=oss-results.json
-
uses: actions/setup-node@v3
-
run: npm install -g snyk-to-html
-
run: cat oss-results.json | snyk-to-html > oss-results.html
-
uses: actions/upload-artifact@v3
with:
name: oss-results
path: oss-results.html

code-assessment:
needs: oss-assessment
@@ -34,26 +45,48 @@ jobs:
-
name: Run Snyk to check for Static Application Security Testing Findings
continue-on-error: true
run: snyk code test --org=$SNYK_ORG_ID
run: snyk code test --org=$SNYK_ORG_ID -json-file-output=code-results.json
-
uses: actions/setup-node@v3
-
run: npm install -g snyk-to-html
-
run: cat code-results.json | snyk-to-html > code-results.html
-
uses: actions/upload-artifact@v3
with:
name: code-results
path: code-results.html

container-assessment:
needs: code-assessment
permissions: write-all
name: Container Assessment
runs-on: ubuntu-latest
steps:
-
uses: actions/checkout@v3
-
name: Build the container image
run: docker build -t raphabot/juice-shop:test .
-
name: Run Snyk to check container image for vulnerabilities
continue-on-error: true
uses: snyk/actions/docker@master
with:
image: raphabot/juice-shop:test
args: --file=Dockerfile --org=$SNYK_ORG_ID
-
uses: actions/checkout@v3
-
name: Build the container image
run: docker build -t raphabot/juice-shop:test .
-
name: Run Snyk to check container image for vulnerabilities
continue-on-error: true
uses: snyk/actions/docker@master
with:
image: raphabot/juice-shop:test
args: --file=Dockerfile --org=$SNYK_ORG_ID --json-file-output=container-results.json
-
uses: actions/setup-node@v3
-
run: npm install -g snyk-to-html
-
run: cat container-results.json | snyk-to-html > container-results.html
-
uses: actions/upload-artifact@v3
with:
name: container-results
path: container-results.html

kubernetes-artifact-assessment:
needs: container-assessment
@@ -69,7 +102,18 @@ jobs:
continue-on-error: true
uses: snyk/actions/iac@master
with:
args: ./k8s-src --org=$SNYK_ORG_ID
args: ./k8s-src --org=$SNYK_ORG_ID --json-file-output=k8s-results.json
-
uses: actions/setup-node@v3
-
run: npm install -g snyk-to-html
-
run: cat k8s-results.json | snyk-to-html > k8s-results.html
-
uses: actions/upload-artifact@v3
with:
name: k8s-results
path: k8s-results.html

terraform-assessment:
needs: kubernetes-artifact-assessment
@@ -85,7 +129,18 @@ jobs:
run: terraform init
-
name: Run Snyk to check AWS misconfigurations in Terraform IaC
continue-on-error: true # To make sure that SARIF upload gets called
continue-on-error: true
uses: snyk/actions/iac@master
with:
args: --org=$SNYK_ORG_ID
args: --org=$SNYK_ORG_ID --json-file-output=terraform-results.json
-
uses: actions/setup-node@v3
-
run: npm install -g snyk-to-html
-
run: cat terraform-results.json | snyk-to-html > terraform-results.html
-
uses: actions/upload-artifact@v3
with:
name: terraform-results
path: terraform-results.html
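Review bot: In the code-assessment job the new Snyk Code step passes `-json-file-output=code-results.json` with a single dash, while every other job in this file uses `--json-file-output=...`; as written the option is unlikely to be recognised, so `code-results.json` may never be written and the following `cat code-results.json | snyk-to-html` step would publish an empty or failed report. The line should read `run: snyk code test --org=$SNYK_ORG_ID --json-file-output=code-results.json`. Separately, all five jobs now run `npm install -g snyk-to-html` with no version, and at least container-assessment runs with `permissions: write-all`, so whatever is published under that package name executes next to a write-scoped token. Pin the package (`npm install -g snyk-to-html@<pinned-version>`) and narrow the job permissions to what the scan and artifact upload need. The code-assessment job starts above its hunk, so its permissions and Snyk CLI setup are not visible here.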
34 changes: 17 additions & 17 deletions package-lock.json


2 changes: 1 addition & 1 deletion package.json
@@ -135,7 +135,7 @@
"js-yaml": "^3.14.0",
"jsonwebtoken": "0.4.0",
"jssha": "^3.1.1",
"juicy-chat-bot": "~0.6.0",
"juicy-chat-bot": "~0.6.5",
"libxmljs2": "^0.26.4",
"marsdb": "^0.6.11",
"morgan": "^1.10.0",
