
Implement Snyk CLI scanning #1249

Workflow file for this run

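# Lints each product Dockerfile with Hadolint and runs a Snyk Code scan whose
# SARIF output is uploaded to GitHub code scanning.
on:
  push:
    branches:
      - main
      - dev
  # Pull requests opened from forks run without repository secrets and with a
  # read-only token, so the Snyk step sees an empty SNYK_ORG and the SARIF
  # upload is rejected for those runs.
  pull_request:
name: Lint Dockerfiles

# Least privilege: no job gets more than read access to the repository unless
# it declares additional scopes itself.
permissions:
  contents: read

jobs:
  lint:
    runs-on: ubuntu-latest
    name: lint-${{ matrix.config.product }}-${{ matrix.config.os }}
    strategy:
      # Lint every product/OS pair even when one of them fails.
      fail-fast: false
      matrix:
        config:
          - {product: 'product/base', os: 'ubuntu2204'}
          - {product: 'product/base', os: 'centos7'}
          - {product: 'product/pro', os: 'ubuntu2204'}
          - {product: 'product/pro', os: 'centos7'}
          - {product: 'workbench', os: 'ubuntu2204'}
          - {product: 'connect', os: 'ubuntu2204'}
          - {product: 'connect-content-init', os: 'ubuntu2204'}
          - {product: 'package-manager', os: 'ubuntu2204'}
          - {product: 'r-session-complete', os: 'ubuntu2204'}
          - {product: 'workbench-for-microsoft-azure-ml', os: 'ubuntu2204'}
          - {product: 'content/base', os: 'ubuntu1804'}
          - {product: 'content/base', os: 'ubuntu2204'}
          - {product: 'content/pro', os: 'ubuntu1804'}
          - {product: 'content/pro', os: 'ubuntu2204'}
    steps:
      - name: Check Out Repo
        uses: actions/checkout@v4
      - name: Run Hadolint
        # NOTE(review): the ref after "hadolint/" was replaced by the page's
        # e-mail obfuscation ("[email protected]"), so the pinned tag is not
        # recoverable from here. Restore it from the repository; the
        # placeholder below is not a valid ref.
        uses: hadolint/hadolint-action@<ORIGINAL_TAG_NOT_VISIBLE>
        with:
          dockerfile: ${{ matrix.config.product }}/Dockerfile.${{ matrix.config.os }}
          config: ./hadolint.yaml

  snyk-code:
    runs-on: ubuntu-latest
    name: snyk-code
    permissions:
      contents: read
      # Needed by upload-sarif to publish results to code scanning. Private
      # repositories additionally need `actions: read`.
      security-events: write
    steps:
      - name: Check Out Repo
        uses: actions/checkout@v4
      - name: Set up Just
        uses: extractions/setup-just@v2
        env:
          # The `inputs` context is empty for push/pull_request triggers, so
          # the previous `inputs.ghcr-token` expression always expanded to an
          # empty string. Use the job's own token, which is limited by the
          # `permissions` block above.
          GITHUB_TOKEN: ${{ github.token }}
      # NOTE(review): `@master` is a mutable branch ref, so every upstream
      # push changes what runs in this job. Pin to a reviewed full commit
      # SHA, e.g. snyk/actions/setup@<full-commit-sha>.
      - uses: snyk/actions/setup@master
      - name: Snyk code test
        env:
          # NOTE(review): only SNYK_ORG is passed here; no SNYK_TOKEN is set
          # in this step. Confirm how `just snyk-code-test` authenticates.
          SNYK_ORG: ${{ secrets.SNYK_ORG }}
        run: |
          just snyk-code-test
      # NOTE(review): if `just snyk-code-test` exits non-zero when it reports
      # findings, this step is skipped and no SARIF is published; consider
      # `if: always()`. `continue-on-error` also hides failed uploads, so a
      # green run does not prove results reached code scanning.
      - name: Upload results
        uses: github/codeql-action/upload-sarif@v3
        continue-on-error: true
        with:
          sarif_file: "code.sarif"
          category: "snyk-repo-code-vulnerabilities"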