Snyk Container #261

Summary
Jobs
- base-r
Run details
- Usage
- Workflow file

Workflow file for this run

	name: Snyk Container

	on:
	release:
	types: [published]
	push:
	branches: [ "main" ]
	paths:
	- "base-r/Dockerfile"
	pull_request:
	branches: [ "main" ]
	paths:
	- "base-r/Dockerfile"
	schedule:
	- cron: '30 22 * * 0'

	jobs:
	snyk:
	runs-on: ubuntu-latest
	strategy:
	fail-fast: false
	matrix:
	config:
	- {name: base-r}
	name: ${{ matrix.config.name }}
	steps:
	- uses: actions/checkout@v4
	- name: Build docker image
	run: docker build -t ${{ matrix.config.name }} -f ./${{ matrix.config.name }}/Dockerfile ./${{ matrix.config.name }}
	- name: Run Snyk to check Docker image for vulnerabilities
	# Snyk can be used to break the build when it detects vulnerabilities.
	# In this case we want to upload the issues to GitHub Code Scanning
	continue-on-error: true
	uses: snyk/actions/docker@master
	env:
	SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
	with:
	image: ${{ matrix.config.name }}
	args: --file=${{ matrix.config.name }}/Dockerfile --severity-threshold=high
	- name: Upload result to GitHub Code Scanning
	uses: github/codeql-action/upload-sarif@v3
	with:
	sarif_file: snyk.sarif
	- name: Monitor image in Snyk UI
	continue-on-error: true
	uses: snyk/actions/docker@master
	env:
	SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
	with:
	command: monitor
	image: ${{ matrix.config.name }}
	args: --file=${{ matrix.config.name }}/Dockerfile --severity-threshold=high --org=b034af62-43be-40c7-95e8-fdc56d6f3092
	- name: Accept only vulnerability levels below high
	continue-on-error: false
	uses: snyk/actions/docker@master
	env:
	SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
	with:
	image: ${{ matrix.config.name }}
	args: --file=${{ matrix.config.name }}/Dockerfile --severity-threshold=high

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Snyk Container #261

Workflow file

Snyk Container #261

Jobs

Run details

Workflow file for this run