Fix/replace wget for curl #22

Merged
merged 2 commits into from
Mar 27, 2020
4 changes: 2 additions & 2 deletions README.md
Expand Up @@ -4,14 +4,14 @@

Use the Snyk orb to easily incorporate Snyk into your CircleCI Workflows.

By utilizing this orb in your projects workflow, it is possible to use Snyk to test, fix and monitor your project for vulnerabilities in the app dependencies and Docker images, all with a single command. You can set thresholds for vulnerability tolerance in your app or Docker image (and fail the workflows when threshold is exceeded), apply proprietary Snyk patches, and save dependency snapshots on snyk.io for continuous monitoring and alerting.
By utilizing this orb in your project workflow, it is possible to use Snyk to test, fix and monitor your project for vulnerabilities in the app dependencies and Docker images, all with a single command. You can set thresholds for vulnerability tolerance in your app or Docker image (and fail the workflows when threshold is exceeded), apply proprietary Snyk patches, and save dependency snapshots on snyk.io for continuous monitoring and alerting.

## How to use the Snyk Orb

In fact, it is very easy to start using the Orb.
All you need to do is:

1. Follow the instructions at the [Orb Quick Start Guide](https://circleci.com/orbs/registry/orb/snyk/snyk#quick-start) to enable usage of Orbs in your projects workflow.
1. Follow the instructions at the [Orb Quick Start Guide](https://circleci.com/orbs/registry/orb/snyk/snyk#quick-start) to enable usage of Orbs in your project workflow.
2. Set up an environment variable (`SNYK_TOKEN`) with your Snyk API token, which you can get from your [account](https://app.snyk.io/account).
3. In the app build job, call the `snyk/scan`
4. Optionally, supply parameters to customize orb behaviour
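Review bot: the wording fix on the two changed lines ("projects workflow" to "project workflow") reads better, but the possessive "project's workflow" is what the sentence actually means in both places; consider that form instead. This README edit is also unrelated to the wget/curl replacement the PR title describes, so it would be cleaner as its own commit.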
14 changes: 7 additions & 7 deletions src/commands/scan.yml
Expand Up @@ -15,7 +15,7 @@ parameters:
protect:
description: Protect the app by applying patches specified in your .snyk file (after running the Snyk wizard)
type: boolean
default: false
default: false
fail-on-issues:
description: This specifies if builds should be failed or continued based on issues found by Snyk.
type: boolean
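Review bot: the only change in this hunk is trailing whitespace on `default: false`; that is harmless for YAML, but whitespace-only edits mixed into a functional change make the diff noisier than it needs to be and hide the real change in hunk three. The same applies to the `organization:`, `default: true`, `snyk test` and `snyk monitor` hunks below; an editor "trim trailing whitespace" pass like this is better kept in a separate commit.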
Expand All @@ -32,7 +32,7 @@ parameters:
description: The image name, if scanning a container image
type: string
default: ""
organization:
organization:
description: >
Name of the Snyk organisation name, under which this project should be tested and monitored
If omitted the default organization will be used.
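Review bot: unrelated to this PR, but since this hunk is already touching the `organization:` parameter, the description on the context lines reads "Name of the Snyk organisation name, under which ...", which repeats "name", and the two lines run together in the folded scalar with no sentence break before "If omitted". Something like "Name of the Snyk organisation under which this project should be tested and monitored. If omitted, the default organization will be used." would render correctly in the orb registry.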
Expand All @@ -56,17 +56,17 @@ parameters:
install-alpine-dependencies:
description: Install additional dependencies required by the alpine cli
type: boolean
default: true
default: true
steps:
# install snyk
- run:
- run:
name: Download Snyk CLI
command: |
if [[ ! -x "/usr/local/bin/snyk" ]]; then
if [[ "<<parameters.os>>" == "alpine" && "<<parameters.install-alpine-dependencies>>" == "true" ]]; then
apk add -q --no-progress --no-cache curl wget libstdc++ sudo
fi
curl -s https://api.github.com/repos/snyk/snyk/releases/latest | grep "browser_download_url" | grep <<parameters.os>> | cut -d '"' -f 4 | xargs wget -q
curl -s https://api.github.com/repos/snyk/snyk/releases/latest | grep "browser_download_url" | grep <<parameters.os>> | cut -d '"' -f 4 | xargs -n 1 curl -LO
sha256sum -c snyk-<<parameters.os>>.sha256
sudo mv snyk-<<parameters.os>> /usr/local/bin/snyk
sudo chmod +x /usr/local/bin/snyk
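Review bot: the new `xargs -n 1 curl -LO` line has no `-f`/`--fail`, so a 4xx or 5xx response from the release host writes the HTML error body into `snyk-<<parameters.os>>` (and into the `.sha256` file) instead of failing the step; `xargs -n 1 curl -fsSL -O` (optionally with `--retry 3`) makes the download itself exit non-zero with a clear message rather than leaving it to `sha256sum -c` to notice. The same applies to the unguarded `curl -s https://api.github.com/...` call at the head of the pipeline: on a rate-limit or network error it prints nothing, the grep chain yields no URLs, and xargs runs curl with no arguments, so `-f` there too would surface the real cause. Separately, now that wget is no longer invoked, `wget` can be dropped from the `apk add -q --no-progress --no-cache curl wget libstdc++ sudo` line above, otherwise the alpine job keeps installing a package the script no longer uses. `-n 1` is the right call, since `-O` applies to one URL at a time, and because `-O` names the file after the URL from the release listing the existing `sha256sum -c snyk-<<parameters.os>>.sha256` and `sudo mv snyk-<<parameters.os>>` lines keep working unchanged.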
Expand All @@ -85,7 +85,7 @@ steps:
- run:
name: "Run Snyk test to scan app for vulnerabilities"
command: >
snyk test
snyk test
<<#parameters.docker-image-name>>--docker <<parameters.docker-image-name>><</parameters.docker-image-name>>
<<#parameters.severity-threshold>>--severity-threshold=<<parameters.severity-threshold>><</parameters.severity-threshold>>
<<#parameters.organization>>--org=<<parameters.organization>><</parameters.organization>>
Expand All @@ -99,7 +99,7 @@ steps:
- run:
name: "Run Snyk monitor for continuous monitoring on snyk.io"
command: >
snyk monitor
snyk monitor
<<#parameters.docker-image-name>>--docker <<parameters.docker-image-name>><</parameters.docker-image-name>>
<<#parameters.project>>--project-name=<<parameters.project>><</parameters.project>>
<<#parameters.organization>>--org=<<parameters.organization>><</parameters.organization>>