Run snyk container scan to produce sarif output

cyber-dojo · Feb 28, 2024 · 9ed2338 · 9ed2338
1 parent c8067c6
commit 9ed2338
Showing 1 changed file with 3 additions and 1 deletion.
diff --git a/sh/kosli.sh b/sh/kosli.sh
@@ -116,7 +116,9 @@ on_ci_kosli_attest_snyk_scan_evidence()
   if on_ci; then
     set +e
     snyk container test "$(artifact_name)" \
-      --json-file-output="$(repo_root)/snyk.json" \
+      --file=Dockerfile \
+      --sarif \
+      --sarif-file-output=snyk.json \
       --policy-path="$(repo_root)/.snyk"
     set -e