forked from snyk-labs/nodejs-goof
-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
1 parent
5a4f50e
commit 555afae
Showing
1 changed file
with
98 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,98 @@ | ||
| # Runs 4 Snyk Products (Code, Open Source, Container, IaC) | ||
| # Outputs the results to the pipeline | ||
|
|
||
| # Prerequisites: | ||
| # - Set a SNYK_TOKEN in the pipelines secrets | ||
| # - Install the HTML viewer extension | ||
| # https://marketplace.visualstudio.com/items?itemName=JakubRumpca.azure-pipelines-html-report | ||
|
|
||
| # NOTE: Change this to a different pool to run the scripts. | ||
| pool: sebsnyk.pool | ||
|
|
||
| steps: | ||
| - checkout: self | ||
|
|
||
| # .. your instructions on building the app or preparing the repository | ||
|
|
||
| # install & prepare snyk | ||
| - script: | | ||
| npm install -g snyk snyk-to-html | ||
| # This OPTIONAL step will configure the Snyk CLI to connect to the EU or AU instance of Snyk. | ||
| # Docs: https://docs.snyk.io/more-info/data-residency-at-snyk#cli-and-ci-pipelines-urls | ||
| # snyk config set endpoint='https://app.eu.snyk.io/api' | ||
| # snyk config set endpoint='https://app.au.snyk.io/api' | ||
| snyk auth $(SNYK_TOKEN) | ||
| # explicitly allow scripts to continue if errors occur | ||
| set +e | ||
| displayName: 'snyk install & auth' | ||
| # snyk code | ||
| - script: | | ||
| snyk code test --severity-threshold=high | ||
| RESULT=$? | ||
| snyk-to-html -o $(Build.ArtifactStagingDirectory)/results-code.html < results.sarif | ||
| exit $RESULT | ||
| continueOnError: false | ||
| displayName: 'snyk code' | ||
| # snyk open source | ||
| - script: | | ||
| snyk test --severity-threshold=critical | ||
| RESULT=$? | ||
| snyk-to-html -o $(Build.ArtifactStagingDirectory)/results-open-source.html < results.json | ||
| exit $RESULT | ||
| continueOnError: false | ||
| displayName: 'snyk open source' | ||
| # snyk container | ||
| # NOTE: Change the image name | ||
| - script: | | ||
| snyk container test --severity-threshold=critical | ||
| RESULT=$? | ||
| snyk-to-html -o $(Build.ArtifactStagingDirectory)/results-container.html < results.json | ||
| exit $RESULT | ||
| continueOnError: false | ||
| displayName: 'snyk container' | ||
| # snyk iac | ||
| - script: | | ||
| snyk iac test --severity-threshold=critical | ||
| RESULT=$? | ||
| snyk-to-html -o $(Build.ArtifactStagingDirectory)/results-iac.html < results.json | ||
| exit $RESULT | ||
| continueOnError: false | ||
| displayName: 'snyk iac' | ||
| - task: PublishHtmlReport@1 | ||
| condition: succeededOrFailed() | ||
| inputs: | ||
| reportDir: $(Build.ArtifactStagingDirectory)/results-code.html | ||
| tabName: 'Snyk Code' | ||
|
|
||
| - task: PublishHtmlReport@1 | ||
| condition: succeededOrFailed() | ||
| inputs: | ||
| reportDir: $(Build.ArtifactStagingDirectory)/results-open-source.html | ||
| tabName: 'Snyk Open Source' | ||
|
|
||
| - task: PublishHtmlReport@1 | ||
| condition: succeededOrFailed() | ||
| inputs: | ||
| reportDir: $(Build.ArtifactStagingDirectory)/results-container.html | ||
| tabName: 'Snyk Container' | ||
|
|
||
| - task: PublishHtmlReport@1 | ||
| condition: succeededOrFailed() | ||
| inputs: | ||
| reportDir: $(Build.ArtifactStagingDirectory)/results-iac.html | ||
| tabName: 'Snyk IaC' | ||
|
|
||
| - task: PublishBuildArtifacts@1 | ||
| inputs: | ||
| pathToPublish: '$(Build.ArtifactStagingDirectory)' | ||
| artifactName: Snyk Reports | ||
|
|