Snyk Maven Task

A Tekton Task for using Snyk to check for vulnerabilities in your Maven projects.

Installation

kubectl apply -f https://raw.githubusercontent.com/garethr/snyk-tekton/master/maven/maven.yaml

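You'll also need to place your Snyk API token in a Kubernetes secret. The command below stores it under the key token in a secret named snyk, which is the default value of the snyk-secret parameter; abcd1234 is a placeholder for your own token.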

kubectl create secret generic snyk --from-literal=token=abcd1234

Usage

You can use the Task as follows:

apiVersion: tekton.dev/v1beta1
kind: TaskRun
metadata:
  name: snyk-maven-example
spec:
  taskRef:
    name: snyk-maven
  workspaces:
  - name: source
    persistentVolumeClaim:
      claimName: my-source

The Snyk Maven Task has parameters which are passed to the underlying image:

| Parameter | Default | Description |
| --- | --- | --- |
| args | | Override the default arguments to the Snyk image |
| commands | test | Specify which command to run, for instance test or monitor |
| snyk-secret | snyk | The name of the secret which stores the Snyk API token |

| Workspace | Description |
| --- | --- |
| source | A Tekton Workspace containing the source code to test |

For example, you can choose to only report on high severity vulnerabilities.

apiVersion: tekton.dev/v1beta1
kind: TaskRun
metadata:
  name: snyk-maven-example
spec:
  taskRef:
    name: snyk-maven
  params:
  - name: args
    value:
    - --severity-threshold=high
  workspaces:
  - name: source
    persistentVolumeClaim:
      claimName: my-source
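
The parameters in the table above can be combined in one TaskRun. The following is an added example, not part of the original README: it runs monitor instead of test and reads the token from a non-default secret. The run name, the secret name snyk-ci, the organization my-org, and the assumption that commands takes a single string value are illustrative and not confirmed by the page.

```yaml
# Added example: names marked "hypothetical" are not from the original README.
apiVersion: tekton.dev/v1beta1
kind: TaskRun
metadata:
  name: snyk-maven-monitor        # hypothetical run name
spec:
  taskRef:
    name: snyk-maven
  params:
  # Run the monitor command instead of the default "test".
  # Assumption: commands takes a single string value.
  - name: commands
    value: monitor
  # Read the API token from a dedicated secret instead of the default "snyk".
  # Assumption: the secret stores the token under the key "token", as in the
  # kubectl create secret command in the Installation section.
  - name: snyk-secret
    value: snyk-ci                # hypothetical secret name
  # args is a list with one CLI argument per item, as in the example above.
  - name: args
    value:
    - --org=my-org                # hypothetical Snyk organization
  workspaces:
  - name: source
    persistentVolumeClaim:
      claimName: my-source
```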