introduce Snyk security scans for V2 images #4575
Conversation
RafalSkolasinski
force-pushed
the
v2-security-scans
branch
from
59b10a1
to
076e049
Compare
RafalSkolasinski
force-pushed
the
v2-security-scans
branch
from
076e049
to
eb1544e
Compare
| env: | ||
| SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }} | ||
| run: | | ||
| make -C scheduler lint |
There was a problem hiding this comment.
Do you know why need to run the linter here, instead of using Snyk's GH action?
There was a problem hiding this comment.
In all other tasks there was make -C <directory> fmt but scheduler did not have fmt but lint command. Not sure exactly why it is there. I first assumed it was for Go to pull modules but that does not make sense actually... I may try without it.
But to why these are here: it's because these were present in V1 tasks.
| id: docker-tag | ||
| run: | | ||
| USER_INPUT="${{ github.event.inputs.docker-tag }}" | ||
| echo ::set-output name=value::${USER_INPUT:-"latest"} |
There was a problem hiding this comment.
Oh wow - is this wizardry to default to latest if no tag is present?
There was a problem hiding this comment.
Yeah, that's to use default for input usually coming as parameter to "on_dispatch" in workflows running "on_push". There may be more elegant way (though I doubt, unless some new features were added) but that is what I found when working on SCv2 release workflow.
What this PR does / why we need it:
This PR introduced GitHub Workflow to run Snyk security scans on Core V2 images.
Which issue(s) this PR fixes:
Fixes #4572
Special notes for your reviewer:
Test run results in here