# Runs 4 Snyk Products (Code, Open Source, Container, IaC)
# Outputs the results to the pipeline
# Prerequisites:
# - Set SNYK_TOKEN as a secret variable of the pipeline
# - Install the HTML viewer extension
# https://marketplace.visualstudio.com/items?itemName=JakubRumpca.azure-pipelines-html-report
# NOTE: Replace this with the agent pool that should run the scripts.
pool:
  name: sebsnyk.pool

steps:
- checkout: self

# ... add your build or repository-preparation steps here
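# Install the Snyk CLI and the HTML report converter, then authenticate.
# NOTE(review): both packages are installed unpinned, so every run pulls
# whatever version is current on the registry; consider pinning exact
# versions (snyk@<PINNED_VERSION> snyk-to-html@<PINNED_VERSION>).
- script: |
    npm install -g snyk snyk-to-html

    # OPTIONAL: point the Snyk CLI at the EU or AU instance of Snyk.
    # Docs: https://docs.snyk.io/more-info/data-residency-at-snyk#cli-and-ci-pipelines-urls
    # snyk config set endpoint='https://app.eu.snyk.io/api'
    # snyk config set endpoint='https://app.au.snyk.io/api'

    # The token comes from the step environment (see env below) instead of
    # being expanded into the script text by the $(SNYK_TOKEN) macro.
    # snyk auth saves the token in the CLI configuration on the agent and the
    # later scan steps rely on that saved login; on a shared or long-lived
    # self-hosted agent the token stays there after the run.
    snyk auth "$SNYK_TOKEN"

    # Shell options set here do not carry over to later steps: every script
    # step runs in a new shell, so no error-handling mode is set at this point.
  displayName: 'snyk install & auth'
  env:
    # Secret variables are not exported to scripts unless mapped explicitly.
    SNYK_TOKEN: $(SNYK_TOKEN)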
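# snyk code
# The step fails when the scan exits non-zero (issues at severity high or
# above). With continueOnError: false, later steps that have no explicit
# condition are then skipped.
- script: |
    # Write the SARIF results to the file the converter reads below; without
    # the output flag results.sarif is missing, or left over from an earlier
    # run on a reused workspace.
    snyk code test --severity-threshold=high --sarif-file-output=results.sarif
    RESULT=$?
    snyk-to-html -o $(Build.ArtifactStagingDirectory)/results-code.html < results.sarif
    # Return the scan's exit code, not the converter's.
    exit $RESULT
  continueOnError: false
  displayName: 'snyk code'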
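# snyk open source
# The step fails when the scan exits non-zero (issues at severity critical).
# With continueOnError: false, later steps that have no explicit condition
# are then skipped.
- script: |
    # Write the JSON results to the file the converter reads below; without
    # the output flag results.json is missing, or belongs to an earlier step
    # or run, and the report would not describe this scan.
    snyk test --severity-threshold=critical --json-file-output=results.json
    RESULT=$?
    snyk-to-html -o $(Build.ArtifactStagingDirectory)/results-open-source.html < results.json
    # Return the scan's exit code, not the converter's.
    exit $RESULT
  continueOnError: false
  displayName: 'snyk open source'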
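# snyk container
# NOTE: Set IMAGE_NAME below to the image that should be scanned; the
# original command passed no image reference at all.
# The step fails when the scan exits non-zero (issues at severity critical).
# With continueOnError: false, later steps that have no explicit condition
# are then skipped.
- script: |
    # Constructed placeholder, not a real image: replace before use.
    IMAGE_NAME='REPLACE_WITH_IMAGE_NAME'
    # Write the JSON results to the file the converter reads below; without
    # the output flag results.json is missing, or belongs to an earlier step
    # or run, and the report would not describe this scan.
    snyk container test "$IMAGE_NAME" --severity-threshold=critical --json-file-output=results.json
    RESULT=$?
    snyk-to-html -o $(Build.ArtifactStagingDirectory)/results-container.html < results.json
    # Return the scan's exit code, not the converter's.
    exit $RESULT
  continueOnError: false
  displayName: 'snyk container'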
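# snyk iac
# The step fails when the scan exits non-zero (issues at severity critical).
# With continueOnError: false, later steps that have no explicit condition
# are then skipped.
- script: |
    # Write the JSON results to the file the converter reads below; without
    # the output flag results.json is missing, or belongs to an earlier step
    # or run, and the report would not describe this scan.
    snyk iac test --severity-threshold=critical --json-file-output=results.json
    RESULT=$?
    snyk-to-html -o $(Build.ArtifactStagingDirectory)/results-iac.html < results.json
    # Return the scan's exit code, not the converter's.
    exit $RESULT
  continueOnError: false
  displayName: 'snyk iac'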
# Publish each HTML report as its own tab on the pipeline run.
# succeededOrFailed() keeps these steps running after a scan step has failed,
# which is when the reports are needed. A report whose scan step was skipped
# will not exist at the given path.
- task: PublishHtmlReport@1
  inputs:
    tabName: 'Snyk Code'
    reportDir: '$(Build.ArtifactStagingDirectory)/results-code.html'
  condition: succeededOrFailed()

- task: PublishHtmlReport@1
  inputs:
    tabName: 'Snyk Open Source'
    reportDir: '$(Build.ArtifactStagingDirectory)/results-open-source.html'
  condition: succeededOrFailed()

- task: PublishHtmlReport@1
  inputs:
    tabName: 'Snyk Container'
    reportDir: '$(Build.ArtifactStagingDirectory)/results-container.html'
  condition: succeededOrFailed()

- task: PublishHtmlReport@1
  inputs:
    tabName: 'Snyk IaC'
    reportDir: '$(Build.ArtifactStagingDirectory)/results-iac.html'
  condition: succeededOrFailed()
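# Archive the whole staging directory (all generated HTML reports) as a build
# artifact. The condition matches the PublishHtmlReport steps: without it this
# step is skipped whenever a scan step fails, so the reports would be missing
# from exactly the runs that found issues.
# The reports list vulnerability details; keep access to the run's artifacts
# limited to people who should see them.
- task: PublishBuildArtifacts@1
  condition: succeededOrFailed()
  inputs:
    pathToPublish: '$(Build.ArtifactStagingDirectory)'
    artifactName: 'Snyk Reports'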