Difference between revisions of "Snyk"
Jump to navigation
Jump to search
| Line 15: | Line 15: | ||
steps: | steps: | ||
- name: Checkout code | - name: Checkout code | ||
| − | uses: actions/checkout@v2 | + | uses: [[actions/checkout]]@v2 |
- name: Set up Snyk | - name: Set up Snyk | ||
| − | uses: snyk/actions/setup@v2 | + | uses: [[snyk/actions/setup]]@v2 |
- name: Run Snyk scan | - name: Run Snyk scan | ||
| − | run: snyk container test --all-projects | + | run: [[snyk container test]] --all-projects |
env: | env: | ||
SNYK_TOKEN: ${{{{ secrets.SNYK_TOKEN }}}} | SNYK_TOKEN: ${{{{ secrets.SNYK_TOKEN }}}} | ||
Revision as of 11:24, 8 November 2024
This article is a Draft. Help us to complete it.
wikipedia:Snyk (2015 London) provides both an open-source and commercial vulnerability scanning service for container images.
AWS Inspector: "scoreSource": "SNYK"
Example
name: Snyk Container Scan
on: [push]
jobs:
snyk_scan:
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v2
- name: Set up Snyk
uses: snyk/actions/setup@v2
- name: Run Snyk scan
run: snyk container test --all-projects
env:
SNYK_TOKEN: ${{{{ secrets.SNYK_TOKEN }}}}
Related
See also
docker scan- Container scanning, AWS ECR security image scanning, Docker Scout, dependabot, Grype, Coguard
- CVE, CWE, CVSS, Mitre, NVD, Log4Shell, Dirty Pipe, GHSA, RHSA
- Software Composition Analysis (SCA): Flexera, FOSSA, GitLab Ultimate, JFrog Xray, Snyk, Sonatype, Synopsys: Black Duck, Veracode, WhiteHat Security, WhiteSource, Bill of Materials (BOM), Semgrep, Clair
Advertising:
