From 7fdc90e1e333620f775e16bee56b3ef0a4293913 Mon Sep 17 00:00:00 2001
From: Jia Jun Ng
Date: Wed, 2 Mar 2022 11:45:47 +0800
Subject: [PATCH 01/11] added GoogleCloudBuild
---
GoogleCloudBuild/config.yaml | 47 ++++++++++++++++++++++++++++++++++++
1 file changed, 47 insertions(+)
create mode 100644 GoogleCloudBuild/config.yaml
diff --git a/GoogleCloudBuild/config.yaml b/GoogleCloudBuild/config.yaml
new file mode 100644
index 0000000..1d3e37c
--- /dev/null
+++ b/GoogleCloudBuild/config.yaml
@@ -0,0 +1,47 @@
+steps:
+ - name: 'snyk/snyk-cli:npm'
+ args:
+ - '-c'
+ - |-
+ snyk config set api=${_SNYK_TOKEN}
+ snyk test --severity-threshold=medium || true
+ id: Snyk Open Source test
+ entrypoint: bash
+ - name: 'snyk/snyk-cli:npm'
+ args:
+ - '-c'
+ - |-
+ snyk config set api=${_SNYK_TOKEN}
+ snyk code test --severity-threshold=medium || true
+ id: Snyk Code test
+ entrypoint: bash
+ - name: 'snyk/snyk-cli:npm'
+ args:
+ - '-c'
+ - |-
+ snyk config set api=${_SNYK_TOKEN}
+ snyk iac test main.tf || true
+ id: Snyk IaC test
+ entrypoint: bash
+ - name: 'snyk/snyk-cli:npm'
+ args:
+ - '-c'
+ - |-
+ snyk config set api=${_SNYK_TOKEN}
+ snyk container test --severity-threshold=medium jiajunngjj/docker-goof:latest || true
+ id: Snyk Container test
+ entrypoint: bash
+ - name: 'snyk/snyk-cli:npm'
+ args:
+ - '-c'
+ - |-
+ snyk config set api=${_SNYK_TOKEN}
+ snyk test --severity-threshold=medium --json | snyk-to-html -o
+ results.html || true
+ id: Create HTML artefact
+ entrypoint: bash
+artifacts:
+ objects:
+ location: 'gs:///scan_output'
+ paths:
+ - results.html
From d7d615066b31dfdde86e2fc76b218bcb3cedf1e6 Mon Sep 17 00:00:00 2001
From: Jia Jun Ng
Date: Wed, 2 Mar 2022 11:47:52 +0800
Subject: [PATCH 02/11] added GoogleCloudBuild
---
GoogleCloudBuild/config.yaml | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/GoogleCloudBuild/config.yaml b/GoogleCloudBuild/config.yaml
index 1d3e37c..0f5a4ff 100644
--- a/GoogleCloudBuild/config.yaml
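Review bot: `snyk config set api=${_SNYK_TOKEN}` in every step takes the Snyk API token from a Cloud Build substitution, so the token is stored in plain text on the build (and on any trigger that defines it) and is readable by anyone who can view the build rather than being handled as a secret. Cloud Build can fetch it from Secret Manager through an `availableSecrets` block plus a per-step `secretEnv: ['SNYK_TOKEN']`, and the Snyk CLI reads the `SNYK_TOKEN` environment variable directly, so the `snyk config set` line can go. The `|| true` after each scan also discards the exit status, so `--severity-threshold=medium` never fails the build, and the last step's `snyk-to-html -o` has its `results.html || true` argument on the following line of the block scalar, which the shell runs as a separate command; both errors pass silently. The sketch below shows one step and the secrets block; the other steps get the same `secretEnv` line.
```yaml
steps:
  - name: 'snyk/snyk-cli:npm'
    entrypoint: bash
    secretEnv: ['SNYK_TOKEN']
    args:
      - '-c'
      - |-
        snyk test --severity-threshold=medium
    id: Snyk Open Source test
  # … unchanged: remaining scan steps, each with the same secretEnv line …
# … unchanged: artifacts …
availableSecrets:
  secretManager:
    - versionName: projects/<PROJECT_ID>/secrets/<SNYK_TOKEN_SECRET_NAME>/versions/latest
      env: 'SNYK_TOKEN'
```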
+++ b/GoogleCloudBuild/config.yaml
@@ -20,7 +20,7 @@ steps:
 - '-c'
 - |-
 snyk config set api=${_SNYK_TOKEN}
- snyk iac test main.tf || true
+ snyk iac test || true
 id: Snyk IaC test
 entrypoint: bash
 - name: 'snyk/snyk-cli:npm'
@@ -28,7 +28,7 @@ steps:
 - '-c'
 - |-
 snyk config set api=${_SNYK_TOKEN}
- snyk container test --severity-threshold=medium jiajunngjj/docker-goof:latest || true
+ snyk container test --severity-threshold=medium || true
 id: Snyk Container test
 entrypoint: bash
 - name: 'snyk/snyk-cli:npm'
From 9c49aa65426238325d1e31a4c2f962ca0735779f Mon Sep 17 00:00:00 2001
From: "Jia Jun Ng (JJ)" <25560159+jiajunngjj@users.noreply.github.com>
Date: Thu, 7 Jul 2022 23:24:16 +0800
Subject: [PATCH 03/11] Rename config.yaml to GoogleCloudBuild-docker-generic.yaml
---
.../{config.yaml => GoogleCloudBuild-docker-generic.yaml} | 0
1 file changed, 0 insertions(+), 0 deletions(-)
rename GoogleCloudBuild/{config.yaml => GoogleCloudBuild-docker-generic.yaml} (100%)
diff --git a/GoogleCloudBuild/config.yaml b/GoogleCloudBuild/GoogleCloudBuild-docker-generic.yaml
similarity index 100%
rename from GoogleCloudBuild/config.yaml
rename to GoogleCloudBuild/GoogleCloudBuild-docker-generic.yaml
From e15827f9f3fe5d284d2b0bc40e6a3aba2c007b23 Mon Sep 17 00:00:00 2001
From: "Jia Jun Ng (JJ)" <25560159+jiajunngjj@users.noreply.github.com>
Date: Thu, 7 Jul 2022 23:28:16 +0800
Subject: [PATCH 04/11] Update GoogleCloudBuild-docker-generic.yaml
---
GoogleCloudBuild/GoogleCloudBuild-docker-generic.yaml | 1 +
1 file changed, 1 insertion(+)
diff --git a/GoogleCloudBuild/GoogleCloudBuild-docker-generic.yaml b/GoogleCloudBuild/GoogleCloudBuild-docker-generic.yaml
index 0f5a4ff..f404dd5 100644
--- a/GoogleCloudBuild/GoogleCloudBuild-docker-generic.yaml
+++ b/GoogleCloudBuild/GoogleCloudBuild-docker-generic.yaml
@@ -1,3 +1,4 @@
+# https://github.com/snyk/cli#snyk-cli-in-a-docker-image
 steps:
 - name: 'snyk/snyk-cli:npm'
 args:
From 588e71d2f68e1185c4f8460ffbdeee6c9d218529 Mon Sep 17 00:00:00 2001
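Review bot: The second hunk leaves `snyk container test --severity-threshold=medium || true` with no image argument; `snyk container test` needs an image to scan, and with `|| true` the resulting usage error is discarded, so the step reports success while scanning nothing. If the goal is to stop hard-coding the demo image, replace it with a substitution instead of removing it, e.g. `snyk container test --severity-threshold=medium ${_IMAGE_NAME} || true`. The first hunk's `snyk iac test` with no path now appears to scan the whole build directory rather than `main.tf`; that is fine if intended but deserves a comment such as `# scans every IaC file under the build root`.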
From: "Jia Jun Ng (JJ)" <25560159+jiajunngjj@users.noreply.github.com>
Date: Thu, 7 Jul 2022 23:54:26 +0800
Subject: [PATCH 05/11] Update GoogleCloudBuild-docker-generic.yaml
---
.../GoogleCloudBuild-docker-generic.yaml | 24 +++++++------------
1 file changed, 9 insertions(+), 15 deletions(-)
diff --git a/GoogleCloudBuild/GoogleCloudBuild-docker-generic.yaml b/GoogleCloudBuild/GoogleCloudBuild-docker-generic.yaml
index f404dd5..b651d08 100644
--- a/GoogleCloudBuild/GoogleCloudBuild-docker-generic.yaml
+++ b/GoogleCloudBuild/GoogleCloudBuild-docker-generic.yaml
@@ -1,11 +1,11 @@
-# https://github.com/snyk/cli#snyk-cli-in-a-docker-image
+# You can find the Snyk Official CLI container images here: https://github.com/snyk/cli#snyk-cli-in-a-docker-image
 steps:
 - name: 'snyk/snyk-cli:npm'
 args:
 - '-c'
 - |-
 snyk config set api=${_SNYK_TOKEN}
- snyk test --severity-threshold=medium || true
+ snyk test --json-file-output=results-open-source.html || true
 id: Snyk Open Source test
 entrypoint: bash
 - name: 'snyk/snyk-cli:npm'
@@ -13,7 +13,7 @@ steps:
 - '-c'
 - |-
 snyk config set api=${_SNYK_TOKEN}
- snyk code test --severity-threshold=medium || true
+ snyk code test --sarif-file-output=results-code.html || true
 id: Snyk Code test
 entrypoint: bash
 - name: 'snyk/snyk-cli:npm'
@@ -21,7 +21,7 @@ steps:
 - '-c'
 - |-
 snyk config set api=${_SNYK_TOKEN}
- snyk iac test || true
+ snyk iac test --json-file-output=results-iac.html || true
 id: Snyk IaC test
 entrypoint: bash
 - name: 'snyk/snyk-cli:npm'
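Review bot: `--json-file-output=results-open-source.html` writes the raw JSON report into a file with an `.html` extension, so the artifact later uploaded to the bucket is JSON under a misleading name; the same applies to the Code step's `--sarif-file-output=results-code.html` in the second hunk, to the IaC step in the third, and to the Container step in the fourth hunk on the next line of this patch. Either name the files for their content (`results-open-source.json`, `results-code.sarif`, and so on) or keep a conversion such as `snyk-to-html -o results-open-source.html < results-open-source.json` if the bucket is meant to receive HTML. Dropping `--severity-threshold=medium` also widens what each scan reports, and with `|| true` still in place none of the steps can fail the build; if that is intentional it should be stated in a comment on the step.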
@@ -29,20 +29,14 @@ steps:
 - '-c'
 - |-
 snyk config set api=${_SNYK_TOKEN}
- snyk container test --severity-threshold=medium || true
+ snyk container test --json-file-output=results-container.html || true
 id: Snyk Container test
 entrypoint: bash
- - name: 'snyk/snyk-cli:npm'
- args:
- - '-c'
- - |-
- snyk config set api=${_SNYK_TOKEN}
- snyk test --severity-threshold=medium --json | snyk-to-html -o
- results.html || true
- id: Create HTML artefact
- entrypoint: bash
 artifacts:
 objects:
 location: 'gs:///scan_output'
 paths:
- - results.html
+ - results-open-source.html
+ - results-code.html
+ - results-iac.html
+ - results-container.html
From 533c214dabb3dce058a3657d264d9064b5283540 Mon Sep 17 00:00:00 2001
From: "Jia Jun Ng (JJ)" <25560159+jiajunngjj@users.noreply.github.com>
Date: Thu, 21 Jul 2022 09:32:45 +0800
Subject: [PATCH 06/11] Update GoogleCloudBuild-docker-generic.yaml
---
.../GoogleCloudBuild-docker-generic.yaml | 24 ++++++++++++++++++------
1 file changed, 18 insertions(+), 6 deletions(-)
diff --git a/GoogleCloudBuild/GoogleCloudBuild-docker-generic.yaml b/GoogleCloudBuild/GoogleCloudBuild-docker-generic.yaml
index b651d08..1b6ea56 100644
--- a/GoogleCloudBuild/GoogleCloudBuild-docker-generic.yaml
+++ b/GoogleCloudBuild/GoogleCloudBuild-docker-generic.yaml
@@ -5,7 +5,10 @@ steps:
 - '-c'
 - |-
 snyk config set api=${_SNYK_TOKEN}
- snyk test --json-file-output=results-open-source.html || true
+ snyk test --all-projects --json-file-output=results.json
+ RESULT=$?
+ snyk-to-html -o results-open-source.html < results.json
+ exit 0
 id: Snyk Open Source test
 entrypoint: bash
 - name: 'snyk/snyk-cli:npm'
@@ -13,7 +16,10 @@ steps:
 - '-c'
 - |-
 snyk config set api=${_SNYK_TOKEN}
- snyk code test --sarif-file-output=results-code.html || true
+ snyk code test --sarif-file-output=results.sarif
+ RESULT=$?
+ snyk-to-html -o results-code.html < results.sarif
+ exit 0
 id: Snyk Code test
 entrypoint: bash
 - name: 'snyk/snyk-cli:npm'
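Review bot: In the patch 06 hunks here, `RESULT=$?` is assigned and never read, and the unconditional `exit 0` makes every step succeed regardless of the scan result, so none of the scans can gate the build; the IaC and Container hunks on the next line of this patch repeat the same pattern. If the intent is to always publish a report but still fail on findings, end each script with `exit $RESULT` after the `snyk-to-html` line; if the intent is report-only, drop the unused variable and say so, e.g. `# report-only: the scan exit status is intentionally ignored`. In the Code step `snyk-to-html` is fed `results.sarif`, but snyk-to-html consumes Snyk's JSON output, so this step most likely needs `--json-file-output=results.json` like the others; worth confirming against the snyk-to-html version shipped in the image.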
@@ -21,7 +27,10 @@ steps:
 - '-c'
 - |-
 snyk config set api=${_SNYK_TOKEN}
- snyk iac test --json-file-output=results-iac.html || true
+ snyk iac test --json-file-output=results.json
+ RESULT=$?
+ snyk-to-html -o results-iac.html < results.json
+ exit 0
 id: Snyk IaC test
 entrypoint: bash
 - name: 'snyk/snyk-cli:npm'
@@ -29,12 +38,15 @@ steps:
 - '-c'
 - |-
 snyk config set api=${_SNYK_TOKEN}
- snyk container test --json-file-output=results-container.html || true
+ snyk container test jiajunngjj/docker-goof --file=Dockerfile --json-file-output=results.json
+ RESULT=$?
+ snyk-to-html -o results-container.html < results.json
+ exit 0
 id: Snyk Container test
 entrypoint: bash
 artifacts:
- objects:
- location: 'gs:///scan_output'
+ objects:
+ location: 'gs://${_STORE_NAME}' #Create a Google Cloud Storage to store your report artifacts
 paths:
 - results-open-source.html
 - results-code.html
From 42a5dbf49690787aa4c8ae8501a1d38aed324cc3 Mon Sep 17 00:00:00 2001
From: "Jia Jun Ng (JJ)" <25560159+jiajunngjj@users.noreply.github.com>
Date: Thu, 21 Jul 2022 09:35:38 +0800
Subject: [PATCH 07/11] Update GoogleCloudBuild-docker-generic.yaml
---
GoogleCloudBuild/GoogleCloudBuild-docker-generic.yaml | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/GoogleCloudBuild/GoogleCloudBuild-docker-generic.yaml b/GoogleCloudBuild/GoogleCloudBuild-docker-generic.yaml
index 1b6ea56..467071f 100644
--- a/GoogleCloudBuild/GoogleCloudBuild-docker-generic.yaml
+++ b/GoogleCloudBuild/GoogleCloudBuild-docker-generic.yaml
@@ -1,4 +1,5 @@
-# You can find the Snyk Official CLI container images here: https://github.com/snyk/cli#snyk-cli-in-a-docker-image
+# You can find the Snyk official CLI container images here: https://github.com/snyk/cli#snyk-cli-in-a-docker-image
+# Snyk CLI container is running at each step to trigger the Snyk scan. The example below uses the snyk/snyk-cli:npm container image
 steps:
 - name: 'snyk/snyk-cli:npm'
 args:
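Review bot: `snyk container test jiajunngjj/docker-goof --file=Dockerfile` in the second hunk hard-codes the author's demo image, with no tag so `latest` is implied, in a file meant as a generic template, while the same hunk parameterizes the bucket as `${_STORE_NAME}`; the image should be a substitution too, e.g. `snyk container test ${_IMAGE_NAME} --file=Dockerfile --json-file-output=results.json`, with an explicit tag or digest so the scanned artifact is the one actually deployed. The trailing comment on the `location:` line lacks a space after `#`, which yamllint flags; `# Create a Cloud Storage bucket to hold the report artifacts` reads better and is valid. The re-indentation of `objects:`/`location:` is invisible in this collapsed view, so confirm the rendered file still nests `location` under `objects`.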
From 72857972dc47389d57959249358101587515dc2d Mon Sep 17 00:00:00 2001
From: Jia Jun Ng
Date: Thu, 21 Jul 2022 09:51:51 +0800
Subject: [PATCH 08/11] added argocd
---
ArgoCD/snyk-scan.yml | 27 +++++++++++++++++++++++++++
1 file changed, 27 insertions(+)
create mode 100644 ArgoCD/snyk-scan.yml
diff --git a/ArgoCD/snyk-scan.yml b/ArgoCD/snyk-scan.yml
new file mode 100644
index 0000000..dcadc30
--- /dev/null
+++ b/ArgoCD/snyk-scan.yml
@@ -0,0 +1,27 @@
+# Need to include this in the same directory as your k8s deployment yaml
+apiVersion: batch/v1
+kind: Job
+metadata:
+ name: before
+ annotations:
+ argocd.argoproj.io/hook: PreSync # PreSync hook would allow the below container to run before the actual synchronization
+spec:
+ ttlSecondsAfterFinished: 600
+ template:
+ spec:
+ containers:
+ - name: snyk-cli
+ image: snyk/snyk-cli:npm
+ command: ["/bin/sh","-c"]
+ args:
+ - git clone https://github.com/jiajunngjj/argocd-goof.git
+ - snyk auth $SNYK_TOKEN
+ - snyk iac test argocd-goof/goof/goof-deployment.yaml --severity-threshold=high # any detection of vuln with severity high and above would fail the synchronization
+ env:
+ - name: SNYK_TOKEN # Create your Snyk token as a secret in the same namespace that that this job is running
+ valueFrom:
+ secretKeyRef:
+ name: snyk-token
+ key: token
+ restartPolicy: Never
+ backoffLimit: 0
From c5d77444df5b52e6496b8b3f4c0614e13084e369 Mon Sep 17 00:00:00 2001
From: "Jia Jun Ng (JJ)" <25560159+jiajunngjj@users.noreply.github.com>
Date: Thu, 21 Jul 2022 09:57:45 +0800
Subject: [PATCH 09/11] Update snyk-scan.yml
---
ArgoCD/snyk-scan.yml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/ArgoCD/snyk-scan.yml b/ArgoCD/snyk-scan.yml
index dcadc30..343024e 100644
--- a/ArgoCD/snyk-scan.yml
+++ b/ArgoCD/snyk-scan.yml
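Review bot: With `command: ["/bin/sh","-c"]`, only the first element of `args` is the script; the other two list items become the shell's `$0` and `$1`, so `snyk auth $SNYK_TOKEN` and `snyk iac test ...` never execute, the Job exits 0 after the `git clone`, and the PreSync hook lets every sync through without a scan. Put the commands in one block scalar so they run in order and abort on the first failure; `snyk auth` can be dropped because the Snyk CLI reads the `SNYK_TOKEN` environment variable that the `env` block already injects from the Secret, which also keeps the token off the process command line. Pinning `snyk/snyk-cli:npm` by digest and cloning a fixed ref of the repository would make the gate itself reproducible, and the typo `that that` in the `SNYK_TOKEN` comment should be `that`.
```yaml
command: ["/bin/sh","-c"]
args:
  - |
    set -e
    git clone https://github.com/jiajunngjj/argocd-goof.git
    snyk iac test argocd-goof/goof/goof-deployment.yaml --severity-threshold=high
# … unchanged: env, restartPolicy, backoffLimit …
```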
@@ -14,7 +14,7 @@ spec:
 image: snyk/snyk-cli:npm
 command: ["/bin/sh","-c"]
 args:
- - git clone https://github.com/jiajunngjj/argocd-goof.git
+ - git clone https://github.com/jiajunngjj/argocd-goof.git # Clone your own repo to run scan on your k8s deployment yaml
 - snyk auth $SNYK_TOKEN
 - snyk iac test argocd-goof/goof/goof-deployment.yaml --severity-threshold=high # any detection of vuln with severity high and above would fail the synchronization
 env:
From 116008781356a58aad9faa63ec4c1582e1e539c0 Mon Sep 17 00:00:00 2001
From: Jia Jun Ng
Date: Fri, 29 Jul 2022 14:47:25 +0800
Subject: [PATCH 10/11] removed argocd
---
ArgoCD/snyk-scan.yml | 27 ---------------------------
1 file changed, 27 deletions(-)
delete mode 100644 ArgoCD/snyk-scan.yml
diff --git a/ArgoCD/snyk-scan.yml b/ArgoCD/snyk-scan.yml
deleted file mode 100644
index dcadc30..0000000
--- a/ArgoCD/snyk-scan.yml
+++ /dev/null
@@ -1,27 +0,0 @@
-# Need to include this in the same directory as your k8s deployment yaml
-apiVersion: batch/v1
-kind: Job
-metadata:
- name: before
- annotations:
- argocd.argoproj.io/hook: PreSync # PreSync hook would allow the below container to run before the actual synchronization
-spec:
- ttlSecondsAfterFinished: 600
- template:
- spec:
- containers:
- - name: snyk-cli
- image: snyk/snyk-cli:npm
- command: ["/bin/sh","-c"]
- args:
- - git clone https://github.com/jiajunngjj/argocd-goof.git
- - snyk auth $SNYK_TOKEN
- - snyk iac test argocd-goof/goof/goof-deployment.yaml --severity-threshold=high # any detection of vuln with severity high and above would fail the synchronization
- env:
- - name: SNYK_TOKEN # Create your Snyk token as a secret in the same namespace that that this job is running
- valueFrom:
- secretKeyRef:
- name: snyk-token
- key: token
- restartPolicy: Never
- backoffLimit: 0
From 43720a67c254113b12af3e2adefe49c739c40ae9 Mon Sep 17 00:00:00 2001
From: Jia Jun Ng
Date: Fri, 29 Jul 2022 14:49:08 +0800
Subject: [PATCH 11/11] removed argocd
---
ArgoCD/snyk-scan.yml | 27 ---------------------------
1 file changed, 27 deletions(-)
delete mode 100644 ArgoCD/snyk-scan.yml
diff --git a/ArgoCD/snyk-scan.yml b/ArgoCD/snyk-scan.yml
deleted file mode 100644
index 343024e..0000000
--- a/ArgoCD/snyk-scan.yml
+++ /dev/null
@@ -1,27 +0,0 @@
-# Need to include this in the same directory as your k8s deployment yaml
-apiVersion: batch/v1
-kind: Job
-metadata:
- name: before
- annotations:
- argocd.argoproj.io/hook: PreSync # PreSync hook would allow the below container to run before the actual synchronization
-spec:
- ttlSecondsAfterFinished: 600
- template:
- spec:
- containers:
- - name: snyk-cli
- image: snyk/snyk-cli:npm
- command: ["/bin/sh","-c"]
- args:
- - git clone https://github.com/jiajunngjj/argocd-goof.git # Clone your own repo to run scan on your k8s deployment yaml
- - snyk auth $SNYK_TOKEN
- - snyk iac test argocd-goof/goof/goof-deployment.yaml --severity-threshold=high # any detection of vuln with severity high and above would fail the synchronization
- env:
- - name: SNYK_TOKEN # Create your Snyk token as a secret in the same namespace that that this job is running
- valueFrom:
- secretKeyRef:
- name: snyk-token
- key: token
- restartPolicy: Never
- backoffLimit: 0