CircleCi3-binary-nodeJS.yml #43
base: master
Conversation
Looking really good, thank you @amitsnyk
I notice the return codes of snyk are eaten up in these examples (snyk-to-html will not fail if there are any issues found). This may need an additional documentation/command.
You mentioned the binary way is the best path to install Snyk, please reach out to discuss. :)
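The exit-code problem raised above (the HTML step masks whether snyk found anything) is easy to solve without changing the scans themselves. The following is an added example, not code from this PR or from Snyk: it writes the scanner's JSON to a file, records the scanner's own exit status, renders the report from the file, and returns that status so the CircleCI step goes red when the scan does. The function name, the `SNYK_TO_HTML` override variable and the sample commands are this example's own choices; the `-i`/`-o` flags are snyk-to-html's input/output options.

```shell
#!/usr/bin/env bash
# Added example (not from the PR or from Snyk): keep the scanner's exit code
# while still producing the snyk-to-html artifact.
#
# `snyk test --json | snyk-to-html -o report.html` returns the status of the
# LAST command in the pipe. snyk-to-html exits 0 even when the JSON is full
# of issues, so the CI step stays green. Writing the JSON to a file first lets
# us record snyk's status and return it after the report is rendered.
#
# Snyk CLI exit codes: 0 = no issues, 1 = issues found,
# 2 = the scan itself failed, 3 = no supported projects detected.

# scan_and_report <json-path> <html-path> <scanner command...>
#   Runs the scanner command with stdout redirected to <json-path>, renders
#   <html-path> from that file, and returns the scanner's own exit code.
#   SNYK_TO_HTML (a variable name assumed by this example) overrides the
#   converter binary; it defaults to snyk-to-html on PATH.
scan_and_report() {
  local json="$1" html="$2"
  shift 2
  local rc=0
  "$@" > "$json" || rc=$?   # record the status; do not let set -e abort here

  if [ -s "$json" ]; then
    # Render even when rc != 0: a scan with findings is exactly the case in
    # which the HTML artifact is wanted for triage.
    "${SNYK_TO_HTML:-snyk-to-html}" -i "$json" -o "$html" || return 2
  else
    # Empty output means the scanner never produced a result (crash, bad
    # auth, nothing to scan); there is nothing to render, and a "success"
    # with no output is still a failure of the step.
    [ "$rc" -ne 0 ] || rc=2
  fi
  return "$rc"
}

# Usage inside a CircleCI `run` step (after set -e and sourcing this file):
#   scan_and_report snyk-test.json      snyk-test.html      ./snyk test --json
#   scan_and_report snyk-code.json      snyk-code.html      ./snyk code test --json
#   scan_and_report snyk-container.json snyk-container.html ./snyk container test IMAGE --json
#   scan_and_report snyk-iac.json       snyk-iac.html       ./snyk iac test --json
```

Because the step now fails when issues are found, give the `store_artifacts` step that follows it `when: always` so the HTML reports are still uploaded for a red build. If the job runs under bash, `set -o pipefail` would also make the original pipe return snyk's status, but the file-first approach works in any shell and keeps the raw JSON as an artifact as well.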
- run: | #install Snyk CLI tool and snyk-to-html + authenticate into Snyk | ||
curl https://static.snyk.io/cli/latest/snyk-linux -o snyk | ||
chmod +x ./snyk | ||
curl -L https://github.com/snyk/snyk-to-html/releases/download/v2.3.1/snyk-to-html-linux -o snyk-to-html |
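Review bot: Both `curl` downloads in this step run without `-f`/`--fail`, so a 404 or an error page from the CDN is written to `./snyk` (or `./snyk-to-html`), made executable by the following `chmod +x ./snyk`, and only blows up later with an unrelated error; use `curl -fsSL <url> -o snyk` (and `set -e` at the top of the step) so a failed download fails the build immediately. The two binaries also follow different version policies, `cli/latest` for `snyk-linux` versus the pinned `v2.3.1` for `snyk-to-html`; pick one, and if you pin, verifying a checksum of the downloaded file before executing it is worth the extra line, since this step runs whatever it fetched.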
Can we use latest instead of 2.3.1 here?
@@ -0,0 +1,42 @@ | |||
# A nodeJS circleCI script that leverages the Snyk CLI tool to conduct SCA, Code, Container, and IaC scans. HTML artifacts are generated for all the scans using snyk-to-html. |
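Review bot: The header comment says HTML artifacts are generated for all four scans but does not say whether a scan that finds issues fails the job; since the snyk exit codes are swallowed once the output is handed to snyk-to-html (as noted earlier in this review), state that behaviour here, or the change that restores it, so users do not read a green build as "no findings". The same header is also the place for the note on the target filename and the links to the CircleCI configuration docs that were requested.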
Can you please add a few more bits of info to the top of this file:
... The top of the file should contain helpful links to the documentation of the CI/CD system itself and a note on what the filename in the end should be. In the GH Actions example, the filename really should be .github/workflows/snyk.yml, for example.
Created a CircleCI build script to conduct SCA, Code, Container, and IaC scans and generate artifacts using snyk-to-html. I opted to use the Snyk CLI binary because the orb is designed to handle SCA scans. Happy to discuss why I believe the binary is the best approach here.