
Merge pull request #743 from sir-gon/develop
[CONFIG] Docker: snyk actions splitted
2 parents 6678ae2 + e5f1255 commit de82f79


1 file changed

+45
-43
lines changed


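--- a/.github/workflows/docker-image.yml
+++ b/.github/workflows/docker-image.yml
@@ -110,49 +110,51 @@ jobs:
 run: |
 docker run --rm ${{ env.IMAGE_NAME }}:test make test
 
-security:
-name: "Snyk Container"
-runs-on: ubuntu-24.04
-needs: build
-steps:
-- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
-- name: Download artifact
-uses: actions/download-artifact@v4
-with:
-name: ${{ env.ARTIFACT_NAME }}_prod
-path: /tmp/
-
-- name: Load image
-run: |
-docker load --input /tmp/${{ env.ARTIFACT_NAME }}_prod.tar
-docker image ls -a
-
-- name: Run Snyk to check Docker image for vulnerabilities
-# Snyk can be used to break the build when it detects vulnerabilities.
-# In this case we want to upload the issues to GitHub Code Scanning
-continue-on-error: true
-uses: snyk/actions/docker@master
-env:
-# yamllint disable rule:line-length
-# In order to use the Snyk Action you will need to have a Snyk API token.
-# See https://docs.snyk.io/integrations/ci-cd-integrations/github-actions-integration#getting-your-snyk-token
-# or you can sign up for free at https://snyk.io/login
-# yamllint enable rule:line-length
-SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
-with:
-image: ${{ env.IMAGE_NAME }}:${{ github.sha }}
-args: --file=Dockerfile
-# yamllint disable rule:line-length
-# https://github.com/github/codeql-action/issues/2187#issuecomment-2043220400
-- name: Replace security-severity undefined for license-related findings
-run: |
-sed -i 's/"security-severity": "undefined"/"security-severity": "0"/g' snyk.sarif
-sed -i 's/"security-severity": "null"/"security-severity": "0"/g' snyk.sarif
-# yamllint enable rule:line-length
-- name: Upload result to GitHub Code Scanning
-uses: github/codeql-action/upload-sarif@v3
-with:
-sarif_file: 'snyk.sarif'
+# yamllint disable rule:line-length
+# security:
+# name: "Snyk Container"
+# runs-on: ubuntu-24.04
+# needs: build
+# steps:
+# - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
+# - name: Download artifact
+# uses: actions/download-artifact@v4
+# with:
+# name: ${{ env.ARTIFACT_NAME }}_prod
+# path: /tmp/
+
+# - name: Load image
+# run: |
+# docker load --input /tmp/${{ env.ARTIFACT_NAME }}_prod.tar
+# docker image ls -a
+
+# - name: Run Snyk to check Docker image for vulnerabilities
+# # Snyk can be used to break the build when it detects vulnerabilities.
+# # In this case we want to upload the issues to GitHub Code Scanning
+# continue-on-error: true
+# uses: snyk/actions/docker@master
+# env:
+# # yamllint disable rule:line-length
+# # In order to use the Snyk Action you will need to have a Snyk API token.
+# # See https://docs.snyk.io/integrations/ci-cd-integrations/github-actions-integration#getting-your-snyk-token
+# # or you can sign up for free at https://snyk.io/login
+# # yamllint enable rule:line-length
+# SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
+# with:
+# image: ${{ env.IMAGE_NAME }}:${{ github.sha }}
+# args: --file=Dockerfile
+# # yamllint disable rule:line-length
+# # https://github.com/github/codeql-action/issues/2187#issuecomment-2043220400
+# - name: Replace security-severity undefined for license-related findings
+# run: |
+# sed -i 's/"security-severity": "undefined"/"security-severity": "0"/g' snyk.sarif
+# sed -i 's/"security-severity": "null"/"security-severity": "0"/g' snyk.sarif
+# # yamllint enable rule:line-length
+# - name: Upload result to GitHub Code Scanning
+# uses: github/codeql-action/upload-sarif@v3
+# with:
+# sarif_file: 'snyk.sarif'
+# yamllint enable rule:line-length
 scan:
 name: "Trivy"
 runs-on: ubuntu-24.04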
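Review bot: Commenting out the whole `security` job (new lines 113–157) drops the Snyk container scan and its SARIF upload from this workflow with nothing in this file taking their place, so the prod image now goes unscanned by Snyk here and any branch protection or `needs:` that referenced the `security` check will no longer be satisfied. The PR title says the Snyk actions were split, which presumably means the job now lives in another workflow, but that is not visible from this diff; a one-line pointer would make the intent clear, e.g. `# Snyk container scan moved to .github/workflows/<new-workflow-file>.yml` (placeholder path). If the block is not coming back, delete it instead of keeping 45 lines of commented-out YAML wrapped in `# yamllint disable rule:line-length` / `# yamllint enable rule:line-length` — git history preserves the old job, and dead config tends to drift from the live copy. The enclosing `jobs:` mapping starts outside the hunk, and the `scan` (Trivy) job continues past it.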
