Snyk Securing Code, Dependencies, Containers and Infrastructure as Code
Lyes S edited this page Jun 2, 2022 · 2 revisions
Table Of Contents
- What is Snyk
- Securing Code, Dependencies and Containers in CircleCI Pipelines
- Securing Code, Dependencies in GitHub
- Snyk in Action
- Please refer to the official documentation available at https://snyk.io/ (Snyk: 'So Now You Know')
- Please refer to the official documentation available at https://docs.snyk.io/integrations/ci-cd-integrations
- Please refer to the official documentation available at https://docs.snyk.io/integrations/ci-cd-integrations/circleci-integration-overview
- Please refer to .circleci/config.yml for more information:
orbs:
  snyk: snyk/snyk@1.1.2

# Excerpt of .circleci/config.yml: the docker-publisher executor is defined elsewhere in the file.
jobs:
  snyk-scan:
    parameters:
      archive:
        type: string
      image:
        type: string
    executor: docker-publisher
    steps:
      - setup_remote_docker:
          docker_layer_caching: true
      - attach_workspace:
          at: .
      # Load the image archive built by an earlier job so Snyk can scan it locally
      - run:
          command: docker load -i <<parameters.archive>>
      # Fail the job when any issue of high severity or above is found
      - snyk/scan:
          severity-threshold: high
          docker-image-name: <<parameters.image>>
          fail-on-issues: true

workflows:
  network-device-inventory-development-workflow:
    jobs:
      - snyk-scan:
          name: snyk-scan-inventory
          archive: service.tar
          image: $CI_REGISTRY_USER/$SERVICE:latest
  network-device-inventory-release-workflow:
    jobs:
      - snyk-scan:
          name: snyk-scan-inventory
          archive: service.tar
          image: $CI_REGISTRY_USER/$SERVICE:latest
          # Release workflow runs only for version tags, never for branch pushes
          filters:
            tags:
              only: /^v.*/
            branches:
              ignore: /.*/
- Please refer to the official documentation for GitHub Integration.
- Failed workflows are not displayed in Snyk, whether the failure comes from a build/test error or from vulnerabilities being discovered; with fail-on-issues: true, discovering vulnerabilities is one such failure.
In the run output below, Snyk found 2 issues (two active critical vulnerabilities for NGINX) and the CI job fails:
Run Snyk
Testing ********/*************:latest...
✗ Critical severity vulnerability found in pcre2/libpcre2-8-0
Description: Out-of-bounds Read
Info: https://snyk.io/vuln/SNYK-DEBIAN11-PCRE2-2808697
Introduced through: meta-common-packages@meta
From: meta-common-packages@meta > pcre2/libpcre2-8-0@10.36-2
✗ Critical severity vulnerability found in pcre2/libpcre2-8-0
Description: Out-of-bounds Read
Info: https://snyk.io/vuln/SNYK-DEBIAN11-PCRE2-2808704
Introduced through: meta-common-packages@meta
From: meta-common-packages@meta > pcre2/libpcre2-8-0@10.36-2
Organization: lyes-s
Package manager: deb
Project name: docker-image|********/*************
Docker image: ********/*************:latest
Platform: linux/amd64
Base image: nginx:1.22.0
Licenses: enabled
Tested 143 dependencies for known issues, found 2 issues.
According to our scan, you are currently using the most secure version of the selected base image
Exited with code exit status 1
CircleCI received exit code 1
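To make the gating behaviour of `severity-threshold` and `fail-on-issues` concrete, here is an added example (not code from this project or from the Snyk orb) that applies the same rule to a Snyk JSON report. The sample report is constructed to mirror the two pcre2 findings above plus one made-up low-severity entry; the field layout (a top-level `vulnerabilities` list with `id`, `title`, `severity`, `packageName`, `version`, `from`, and a `dependencyCount`) is assumed to follow what `snyk container test --json` emits, and the third finding's id is a placeholder.

```python
import json
import sys
from typing import Dict, List

# Severity ordering used to apply a threshold such as `severity-threshold: high`.
SEVERITY_RANK = {"low": 0, "medium": 1, "high": 2, "critical": 3}

# Constructed sample report: the two real findings quoted on the page plus one
# constructed low-severity entry (placeholder id) to show the threshold filtering.
# The JSON layout is an assumption about `snyk container test --json` output.
SAMPLE_SNYK_JSON = json.dumps({
    "ok": False,
    "dependencyCount": 143,
    "packageManager": "deb",
    "vulnerabilities": [
        {"id": "SNYK-DEBIAN11-PCRE2-2808697", "title": "Out-of-bounds Read",
         "severity": "critical", "packageName": "pcre2/libpcre2-8-0",
         "version": "10.36-2",
         "from": ["meta-common-packages@meta", "pcre2/libpcre2-8-0@10.36-2"]},
        {"id": "SNYK-DEBIAN11-PCRE2-2808704", "title": "Out-of-bounds Read",
         "severity": "critical", "packageName": "pcre2/libpcre2-8-0",
         "version": "10.36-2",
         "from": ["meta-common-packages@meta", "pcre2/libpcre2-8-0@10.36-2"]},
        {"id": "SNYK-PLACEHOLDER-LOW-0001", "title": "Constructed low-severity finding",
         "severity": "low", "packageName": "example-pkg", "version": "1.0",
         "from": ["meta-common-packages@meta", "example-pkg@1.0"]},
    ],
})


def findings_at_or_above(report: dict, threshold: str) -> List[dict]:
    """Return the vulnerabilities whose severity meets or exceeds the threshold."""
    if threshold not in SEVERITY_RANK:
        raise ValueError(f"unknown severity threshold: {threshold}")
    floor = SEVERITY_RANK[threshold]
    hits = []
    for vuln in report.get("vulnerabilities", []):
        sev = str(vuln.get("severity", "")).lower()
        # An unrecognised severity label is counted as critical so it is never
        # silently waved through by the gate.
        if SEVERITY_RANK.get(sev, SEVERITY_RANK["critical"]) >= floor:
            hits.append(vuln)
    return hits


def evaluate_gate(report_json: str, threshold: str = "high",
                  fail_on_issues: bool = True) -> Dict:
    """Mimic the CI gate: exit code 1 when fail_on_issues is set and any finding
    meets the threshold, otherwise 0 (Snyk itself exits 1 when issues are found)."""
    report = json.loads(report_json)
    hits = findings_at_or_above(report, threshold)
    exit_code = 1 if (fail_on_issues and hits) else 0
    lines = [f"Tested {report.get('dependencyCount', 0)} dependencies for known issues, "
             f"found {len(hits)} issues."]
    for vuln in hits:
        lines.append(f"{vuln['severity'].capitalize()} severity vulnerability found in "
                     f"{vuln['packageName']}@{vuln['version']} ({vuln['id']}): {vuln['title']}")
        lines.append("  From: " + " > ".join(vuln.get("from", [])))
    return {"exit_code": exit_code, "hits": hits, "summary": "\n".join(lines)}


if __name__ == "__main__":
    # Reads a report from stdin if one is piped in, otherwise uses the sample.
    raw = sys.stdin.read() if not sys.stdin.isatty() else SAMPLE_SNYK_JSON
    result = evaluate_gate(raw or SAMPLE_SNYK_JSON, threshold="high", fail_on_issues=True)
    print(result["summary"])
    sys.exit(result["exit_code"])
```

With the page's settings (`high` threshold, fail on issues) the two critical pcre2 findings pass the filter and the script exits 1, matching the "Exited with code exit status 1" seen in the CircleCI step; lowering the threshold to `low` also surfaces the constructed third entry, and switching `fail_on_issues` off reports the findings but exits 0.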
© 2024 | Lyes Sefiane All Rights Reserved | CC BY-NC-ND 4.0