The Snyk Jenkins plugin enables Jenkins users to test their open source packages against the Snyk vulnerability database.
- This plugin requires Docker to be installed on the machine in order to scan your dependencies.
- Pull the Snyk Docker image by running the following command:
docker pull snyk/snyk-cli
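- Add the Jenkins user to the docker group:
sudo usermod -aG docker jenkins-user
and verify that the Jenkins user can run docker commands without sudo. Membership in the docker group is effectively root access on the host, so add only the Jenkins service account.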
- Set up your local Maven environment to allow releases of the Jenkins plugin (chat with people who have done this before).
- Create a branch off of master, push changes, open a PR and get it merged to master.
- Pull master locally and run
mvn release:prepare release:perform -X -B
This pushes the release and adds two commits to master.
- Push the master branch to the repo to allow for the next release to happen in the future.
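
A preflight check for the Docker prerequisites listed at the top of this page (client installed, user in the docker group, daemon reachable without sudo, snyk/snyk-cli pulled). This is an added example, not part of the plugin; the function names and the `--run` switch are assumptions, and the account name defaults to the `jenkins-user` used in the usermod step.

```shell
#!/bin/sh
# Added example: preflight check for the plugin's Docker prerequisites.
# Assumptions: function names and the --run switch are illustrative only.

IMAGE="snyk/snyk-cli"

# group_list_has GROUP "space separated group names" -> 0 if GROUP is listed
group_list_has() {
    for g in $2; do
        [ "$g" = "$1" ] && return 0
    done
    return 1
}

# preflight USER -> prints one line per check, returns the number of failures
preflight() {
    user="$1"; fails=0
    if command -v docker >/dev/null 2>&1; then
        echo "ok: docker client found"
    else
        echo "FAIL: docker is not installed or not on PATH"; fails=$((fails+1))
    fi
    if group_list_has docker "$(id -nG "$user" 2>/dev/null)"; then
        echo "ok: $user is in the docker group"
    else
        echo "FAIL: $user is not in the docker group"; fails=$((fails+1))
    fi
    # 'docker info' contacts the daemon, so it fails when the invoking
    # user cannot reach the Docker socket without sudo.
    if docker info >/dev/null 2>&1; then
        echo "ok: daemon reachable without sudo"
    else
        echo "FAIL: cannot reach the docker daemon as $(id -un)"; fails=$((fails+1))
    fi
    if docker image inspect "$IMAGE" >/dev/null 2>&1; then
        echo "ok: $IMAGE is present locally"
    else
        echo "FAIL: $IMAGE has not been pulled"; fails=$((fails+1))
    fi
    return "$fails"
}

# Run only when asked: sudo -u jenkins-user sh preflight.sh --run jenkins-user
if [ "${1:-}" = "--run" ]; then
    preflight "${2:-jenkins-user}"
fi
```

Group changes apply only to new sessions, so restart the Jenkins service after the usermod step before running the check as that user.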