rropen/dagger-snyk

 
 

Dagger Snyk module

Known to work with Dagger v0.11.2

Check code, infrastructure-as-code and containers using Snyk from your Dagger pipelines.

Prerequisites

| Environment Variable | Required | Default | Description | Command |
| --- | --- | --- | --- | --- |
| SNYK_TOKEN | Yes | -- | Your Snyk API token. You can get this from your Snyk Account page. | `export SNYK_TOKEN=<your-snyk-token>` |
| SNYK_SEVERITY_THRESHOLD | No | Low | The severity threshold to filter by. (low, medium, high, critical) | `export SNYK_SEVERITY_THRESHOLD=<your-threshold>` |

Available Flags

| Flag | Required | Description | Command | Available On |
| --- | --- | --- | --- | --- |
| --org | No | Your Snyk organization ID. You can get this from your Snyk Account page. | `--org myorg` | All |
| --image | Yes | The container image to test. | `--image alpine` | ContainersTest |
| --src | Yes | The source folder to test. | `--src ../project` | Test, CodeTest, IacTest |
| --policy-path | No | The path pointing to .snyk policy definitions. | `--policy-path ../project/.snyk` | All |

Available Tests

Test

Check the code in the current directory for vulnerabilities:

dagger call -m github.com/rropen/dagger-snyk snyk-test --src . --org myorg --token env:SNYK_TOKEN

Code

Run the Snyk SAST tool on the code in the current directory:

dagger call -m github.com/rropen/dagger-snyk snyk-code-test --src . --org myorg --token env:SNYK_TOKEN

Infrastructure-as-Code

Check the infrastructure-as-code (e.g. Terraform) in the current directory for issues:

dagger call -m github.com/rropen/dagger-snyk snyk-iac-test --src . --org myorg --token env:SNYK_TOKEN

Containers

Check the given container image for vulnerabilities:

dagger call -m github.com/rropen/dagger-snyk snyk-container-test --image "alpine:latest" --org myorg --token env:SNYK_TOKEN
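
A preflight wrapper for the four calls above, as an added example that is not part of the dagger-snyk repository: it refuses to run without SNYK_TOKEN, checks SNYK_SEVERITY_THRESHOLD against the values in the Prerequisites table, and hands the token to Dagger as the env:SNYK_TOKEN reference. The names run_scan, valid_threshold and the DAGGER_BIN override are hypothetical.

```shell
#!/bin/sh
# Added example: preflight wrapper for the dagger-snyk calls in this README.
# run_scan, valid_threshold and DAGGER_BIN are hypothetical names.

MODULE="github.com/rropen/dagger-snyk"

# True for a threshold from the Prerequisites table (any letter case, since
# the table writes the default as "Low"); empty is allowed, it is optional.
valid_threshold() {
    case "$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')" in
        ""|low|medium|high|critical) return 0 ;;
        *) return 1 ;;
    esac
}

# run_scan FUNCTION TARGET ORG
run_scan() {
    if [ -z "${SNYK_TOKEN:-}" ]; then
        echo "SNYK_TOKEN is not set" >&2
        return 2
    fi
    if ! valid_threshold "${SNYK_SEVERITY_THRESHOLD:-}"; then
        echo "SNYK_SEVERITY_THRESHOLD must be low, medium, high or critical" >&2
        return 3
    fi
    # --image applies to the container test, --src to the other three.
    case "$1" in
        snyk-test|snyk-code-test|snyk-iac-test) target_flag="--src" ;;
        snyk-container-test) target_flag="--image" ;;
        *) echo "unknown function: $1" >&2; return 4 ;;
    esac
    # Pass the reference env:SNYK_TOKEN, not "$SNYK_TOKEN", so the token
    # value never appears in argv or in a `set -x` trace.
    "${DAGGER_BIN:-dagger}" call -m "$MODULE" "$1" \
        "$target_flag" "$2" --org "$3" --token env:SNYK_TOKEN
}
```

Source the file in a pipeline step and call, for example, `run_scan snyk-container-test alpine:latest myorg`.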

About

dagger snyk demo module
