Skip to content
Snyk Container

Update snyk-container.yml to jq #7

Sign in to view logs

Update snyk-container.yml to jq

Update snyk-container.yml to jq #7

Workflow file for this run

.github/workflows/snyk-container.yml at 914099c
name: Snyk Container
on:
push:
branches: [ "main" ]
pull_request:
branches: [ "main" ]
schedule:
- cron: '25 8 * * 3'
permissions:
contents: read
jobs:
snyk:
permissions:
contents: read
security-events: write
actions: read
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v2
- name: Build a Docker image
run: docker build -t your/image-to-test .
- name: Install Snyk CLI
run: npm install -g snyk
- name: Run Snyk to check Docker image for vulnerabilities
continue-on-error: true
run: snyk container test your/image-to-test --file=Dockerfile --sarif-file-output=snyk.sarif
env:
SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
- name: Fix SARIF file with jq
run: |
cat snyk.sarif | jq '(.runs[].tool.driver.rules[] | select(.properties."security-severity" == null) | .properties."security-severity") |= 0' > fixed_snyk.sarif
- name: Upload result to GitHub Code Scanning
uses: github/codeql-action/upload-sarif@v3
with:
sarif_file: fixed_snyk.sarif