Test container using Snyk (#240)

pmarques · Dec 8, 2024 · a81cd85 · a81cd85
2 parents 571f02c + e998ea4
commit a81cd85
Showing 1 changed file with 17 additions and 0 deletions.
diff --git a/.github/workflows/docker-hub.yml b/.github/workflows/docker-hub.yml
@@ -76,3 +76,20 @@ jobs:
 
       - name: Image digest
         run: echo ${{ steps.docker_build.outputs.digest }}
+
+      - name: Run Snyk to check Docker image for vulnerabilities
+        continue-on-error: true
+        uses: snyk/actions/docker@b98d498629f1c368650224d6d212bf7dfa89e4bf #v0.4.0
+        env:
+          # In order to use the Snyk Action you will need to have a Snyk API token.
+          # More details in https://github.com/snyk/actions#getting-your-snyk-token
+          # or you can signup for free at https://snyk.io/login
+          SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
+        with:
+          image: ghcr.io/${{ github.repository }}/ghcr-test:${{ github.sha }}
+          args: --file=Dockerfile
+
+      - name: Upload result to GitHub Code Scanning
+        uses: github/codeql-action/upload-sarif@0b21cf2492b6b02c465a3e5d7c473717ad7721ba # v3.23.1
+        with:
+          sarif_file: snyk.sarif