Create snyk.sarif #57

Workflow file for this run

.github/workflows/push-to-docker-hub.yml at e8fbd05

	name: Workflow for Scala using Snyk
	on: push
	jobs:
	security1:
	runs-on: ubuntu-latest
	steps:
	- uses: actions/checkout@master
	- name: Run Snyk to check for vulnerabilities
	uses: snyk/actions/scala@master
	continue-on-error: true # To make sure that SARIF upload gets called
	env:
	SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
	with:
	args: --sarif-file-output=snyk.sarif
	- name: Upload result to GitHub Code Scanning
	uses: github/codeql-action/upload-sarif@v2
	with:
	sarif_file: snyk.sarif

	image_scan:
	name: Build Image and Run Image Scan
	runs-on: ubuntu-latest

	steps:
	- name: Checkout code
	uses: actions/checkout@v2

	- name: Set up Docker
	uses: docker-practice/actions-setup-docker@v1
	with:
	docker_version: '20.10.7'

	- name: Build Docker Image
	run: docker build -f Dockerfile -t myapp:latest .

	# - name: Docker Scout Scan
	# run: \|
	# curl -fsSL https://raw.githubusercontent.com/docker/scout-cli/main/install.sh -o install-scout.sh
	# sh install-scout.sh
	# docker scout quickview
	# docker scout cves
	- name: Docker Scout
	# You may pin to the exact commit or the version.
	# uses: docker/scout-action@b7413c99043c2a9131c0fa39cedaece80f285788
	uses: docker/[email protected]
	with:
	dockerhub-user: ${{ secrets.DOCKER_HUB_USERNAME }}
	# Docker Hub PAT
	dockerhub-password: ${{ secrets.DOCKER_HUB_ACCESS_TOKEN }}
	command: quickview,cves
	only-severities: critical,high

	security2:
	runs-on: ubuntu-latest
	steps:
	- uses: actions/checkout@master
	- name: Run Snyk to check for vulnerabilities
	uses: snyk/actions/scala@master
	env:
	SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}

	push_to_docker_hub:
	name: Push Docker image to Docker Hub
	needs: [image_scan, security1, security2]
	# This uses the default metadata-action configuration, see https://github.com/docker/metadata-action
	# Pushes to master should build `ukwa/w3act:master`, tags should build `ukwa/w3act:TAG` and update `ukwa/w3act:latest` to refer to TAG.
	runs-on: ubuntu-latest
	steps:
	- name: Check out the repo
	uses: actions/checkout@v2
	with:
	fetch-depth: 0 # Fetch tags etc. so git describe will work
	- name: Set up Docker metadata
	id: meta
	uses: docker/metadata-action@v3
	with:
	images: ${{ github.repository }}
	- name: Set up version variable to embed in container
	run: echo "VERSION=`git describe --tags --always`" >> $GITHUB_ENV
	- name: Log in to Docker Hub
	if: github.event_name != 'pull_request'
	uses: docker/login-action@v1
	with:
	username: ${{ secrets.DOCKER_HUB_USERNAME }}
	password: ${{ secrets.DOCKER_HUB_ACCESS_TOKEN }}
	- name: Build and push to Docker Hub
	uses: docker/build-push-action@v2
	with:
	build-args: VERSION=${{ env.VERSION }}
	push: ${{ github.event_name != 'pull_request' }}
	tags: ${{ steps.meta.outputs.tags }}
	labels: ${{ steps.meta.outputs.labels }}

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Create snyk.sarif #57

Workflow file

Create snyk.sarif #57

Jobs

Run details

Workflow file for this run