Add snyk-scanning and report to Kosli

LICENSE.md

@@ -1,4 +1,4 @@
-Copyright (c) 2022, [CyberDojo Foundation](http://blog.cyber-dojo.org/2015/08/cyber-dojo-foundation.html)
+Copyright (c) 2023, [CyberDojo Foundation](http://blog.cyber-dojo.org/2015/08/cyber-dojo-foundation.html)
 All rights reserved.
 
 Redistribution and use in source and binary forms, with or without

build_test_publish.sh

@@ -41,6 +41,7 @@ test_in_containers server  # no client tests
 containers_down
 on_ci_publish_images
 on_ci_kosli_report_artifact_creation
+on_ci_kosli_report_snyk_scan_evidence
 on_ci_kosli_assert_artifact
 
 t2=$(echo_seconds)

sh/kosli.sh

@@ -14,10 +14,10 @@ kosli_create_flow()
   local -r hostname="${1}"
 
   kosli create flow "${KOSLI_FLOW}" \
-    --description "UX for a group practice dashboard" \
-    --host "${hostname}" \
-    --template artifact \
-    --visibility public
+    --description="UX for a group practice dashboard" \
+    --host="${hostname}" \
+    --template=artifact,snyk-scan \
+    --visibility=public
 }
 
 # - - - - - - - - - - - - - - - - - - -
@@ -28,8 +28,20 @@ kosli_report_artifact_creation()
   cd "$(root_dir)"  # So we don't need --repo-root flag
 
   kosli report artifact "$(artifact_name)" \
-      --artifact-type docker \
-      --host "${hostname}"
+      --artifact-type=docker \
+      --host="${hostname}"
+}
+
+# - - - - - - - - - - - - - - - - - - -
+kosli_report_snyk_evidence()
+{
+  local -r hostname="${1}"
+
+  kosli report evidence artifact snyk "$(artifact_name)" \
+      --artifact-type=docker \
+      --host="${hostname}" \
+      --name=snyk-scan \
+      --scan-results=snyk.json
 }
 
 # - - - - - - - - - - - - - - - - - - -
@@ -38,8 +50,8 @@ kosli_assert_artifact()
   local -r hostname="${1}"
 
   kosli assert artifact "$(artifact_name)" \
-      --artifact-type docker \
-      --host "${hostname}"
+      --artifact-type=docker \
+      --host="${hostname}"
 }
 
 # - - - - - - - - - - - - - - - - - - -
@@ -53,10 +65,10 @@ kosli_expect_deployment()
   docker pull "$(artifact_name)"
 
   kosli expect deployment "$(artifact_name)" \
-    --artifact-type docker \
-    --description "Deployed to ${environment} in Github Actions pipeline" \
-    --environment "${environment}" \
-    --host "${hostname}"
+    --artifact-type=docker \
+    --description="Deployed to ${environment} in Github Actions pipeline" \
+    --environment="${environment}" \
+    --host="${hostname}"
 }
 
 # - - - - - - - - - - - - - - - - - - -
@@ -77,6 +89,21 @@ on_ci_kosli_report_artifact_creation()
   fi
 }
 
+# - - - - - - - - - - - - - - - - - - -
+on_ci_kosli_report_snyk_scan_evidence()
+{
+  if on_ci; then
+    set +e
+    snyk container test "$(artifact_name)" \
+      --json-file-output=snyk.json \
+      --policy-path=.snyk
+    set -e
+
+    kosli_report_snyk_evidence "${KOSLI_HOST_STAGING}"
+    kosli_report_snyk_evidence "${KOSLI_HOST_PRODUCTION}"
+  fi
+}
+
 # - - - - - - - - - - - - - - - - - - -
 on_ci_kosli_assert_artifact()
 {

sources/client/Dockerfile

@@ -1,4 +1,4 @@
-FROM cyberdojo/sinatra-base:396f3d2
+FROM cyberdojo/sinatra-base:1fa5420
 LABEL maintainer=jon@jaggersoft.com
 
 WORKDIR /app

sources/server/Dockerfile

@@ -1,4 +1,4 @@
-FROM cyberdojo/sinatra-base:396f3d2
+FROM cyberdojo/sinatra-base:1fa5420
 LABEL maintainer=jon@jaggersoft.com
 
 WORKDIR /app