This action runs snyk on generated gemfiles for vanagon builds.
This tool uses the output of vanagon inspect to identify any gems pulled in from rubygems.org. It builds a pseudo Gemfile for each project and platform in the configs directory of a vanagon repository, then creates a Gemfile.lock from the pseudo Gemfile and scans it with snyk.
The mend API key
The mend user token
The mend URL for your mend endpoint
The name of the product to send results to
The name of the project. Note that the branch, project, and platform will be appended; see branch below for details.
Branch name to prepend to the snyk project name. If branch is set to "" then the name in snyk will be in the form <project>_<platform>. If branch is not empty it will be in the form <branch>_<project>_<platform>. Branch can be automatically set using {{ github.ref_name }}. Branch is limited to < 10 alphanumeric characters plus dash.
A comma separated list of projects to skip
A comma separated list of platforms to skip
An SSH key to install on the docker container in /root/.ssh/<sshKeyName>. It must be base64 encoded.
The name of the SSH key
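As an added illustration (not the action's own code), the Ruby below does the two things described above: it builds the pseudo Gemfile from a constructed sample of vanagon inspect output, keeping only components fetched from rubygems.org, and it forms the scan project name from branch, project and platform with the branch limit enforced. The JSON key names ("name", "url", "version") and the sample components are assumptions, not vanagon's documented schema.

```ruby
require "json"
require "uri"

# Constructed stand-in for the JSON emitted by `vanagon inspect <project> <platform>`.
# The key names ("name", "url", "version") are an assumption, not vanagon's documented schema.
SAMPLE_INSPECT = <<~JSON
  [
    {"name": "ruby", "url": "https://cache.ruby-lang.org/pub/ruby/2.7/ruby-2.7.8.tar.gz", "version": "2.7.8"},
    {"name": "rubygem-facter", "url": "https://rubygems.org/downloads/facter-4.4.2.gem", "version": "4.4.2"},
    {"name": "rubygem-net-ssh", "url": "https://rubygems.org/downloads/net-ssh-7.2.0.gem", "version": "7.2.0"},
    {"name": "rubygem-hocon", "url": "https://rubygems.org/downloads/hocon-1.4.0.gem", "version": "1.4.0"},
    {"name": "internal-lib", "url": "git@git.example/internal-lib.git", "version": "1.0.0"}
  ]
JSON

# [gem_name, version] for every component downloaded from rubygems.org.
# The gem name comes from the .gem filename minus "-<version>", so dashed
# names such as net-ssh survive; anything not from rubygems.org is skipped.
def rubygems_components(inspect_json)
  JSON.parse(inspect_json).filter_map do |c|
    uri = (URI.parse(c["url"].to_s) rescue nil)
    next unless uri && uri.host == "rubygems.org" && uri.path.end_with?(".gem")
    base = File.basename(uri.path, ".gem")
    suffix = "-#{c["version"]}"
    next unless base.end_with?(suffix)
    [base.delete_suffix(suffix), c["version"]]
  end
end

# Pseudo Gemfile with exact pins; `bundle lock` on it produces the
# Gemfile.lock that is then handed to the scanner.
def pseudo_gemfile(inspect_json)
  lines = ['source "https://rubygems.org"']
  rubygems_components(inspect_json).sort.each do |name, version|
    lines << %(gem "#{name}", "= #{version}")
  end
  lines.join("\n") + "\n"
end

# Scan project name: <project>_<platform>, prefixed with <branch>_ when branch
# is non-empty; branch must be under 10 characters of [A-Za-z0-9-].
def scan_project_name(project, platform, branch = "")
  unless branch.match?(/\A[A-Za-z0-9-]{0,9}\z/)
    raise ArgumentError, "branch must be < 10 alphanumeric characters plus dash"
  end
  branch.empty? ? "#{project}_#{platform}" : "#{branch}_#{project}_#{platform}"
end

puts pseudo_gemfile(SAMPLE_INSPECT) if $PROGRAM_NAME == __FILE__
```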
This action does not output the vulns in the package like the snyk one did. Results are in the mend console.
Please see sample_workflow.yaml for a sample workflow.