Skip to content
Example workflow for Docker using Snyk

[Snyk] Security upgrade node from 18.13.0 to 18.20.5 #91

Sign in to view logs

[Snyk] Security upgrade node from 18.13.0 to 18.20.5

[Snyk] Security upgrade node from 18.13.0 to 18.20.5 #91

Workflow file for this run

.github/workflows/synk-docker.yml at 26237f7
name: Example workflow for Docker using Snyk
on:
push:
pull_request:
jobs:
security:
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v3
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v2
- name: Build a Docker image
run: docker build -t nodejs-goof:latest .
- name: Run Snyk to check Docker image for vulnerabilities
continue-on-error: true
uses: snyk/actions/docker@master
env:
SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
with:
image: nodejs-goof:latest
args: --file=Dockerfile
- name: Replace security-severity undefined for license-related findings
run: "sed -i 's/\"security-severity\": \"null\"/\"security-severity\": \"0\"/g' snyk.sarif"
- name: Upload result to GitHub Code Scanning
uses: github/codeql-action/upload-sarif@v3
with:
sarif_file: snyk.sarif