Added trigger for Google Cloud Build #36

Open: wants to merge 12 commits into base: master
42 changes: 42 additions & 0 deletions GoogleCloudBuild/GoogleCloudBuild-docker-generic.yaml
@@ -0,0 +1,42 @@
# You can find the Snyk Official CLI container images here: https://github.com/snyk/cli#snyk-cli-in-a-docker-image
Collaborator

Please add a line or two of comments at the top of the file, similar to other recently updated files, to explain what is being shown in the file.

steps:
- name: 'snyk/snyk-cli:npm'
args:
- '-c'
- |-
snyk config set api=${_SNYK_TOKEN}
snyk test --json-file-output=results-open-source.html || true
Collaborator

On the file output:

This line (and L16, L24, L32) does not produce the expected output.
--json-file-output will create a JSON file, not an HTML file as the name would suggest.

Please add a snyk-to-html step in between. You can refer to the example in

snyk test --all-projects --json-file-output=results.json

On the return code:
As shown in that file, we capture the return code and exit with it.

Unfortunately GCB does not support something like allow_failure, yet, so the exit line should be something like:

exit 0 # exit $RETURN_CODE

This shows the developer our approach of exiting with 0 by default, while showing them how to enable the security gate again.

Author

I checked in the wrong code previously, hence the confusion. Changes made.

id: Snyk Open Source test
entrypoint: bash
- name: 'snyk/snyk-cli:npm'
args:
- '-c'
- |-
snyk config set api=${_SNYK_TOKEN}
snyk code test --sarif-file-output=results-code.html || true
id: Snyk Code test
entrypoint: bash
- name: 'snyk/snyk-cli:npm'
args:
- '-c'
- |-
snyk config set api=${_SNYK_TOKEN}
snyk iac test <TERRAFORM FILE> --json-file-output=results-iac.html || true
id: Snyk IaC test
entrypoint: bash
- name: 'snyk/snyk-cli:npm'
args:
- '-c'
- |-
snyk config set api=${_SNYK_TOKEN}
snyk container test <CONTAINER_IMAGE> --json-file-output=results-container.html || true
Collaborator

Please add the --file=Dockerfile parameter as well so it's easier to copy/paste.

id: Snyk Container test
entrypoint: bash
artifacts:
objects:
location: 'gs://<STORE_NAME>/scan_output'
Collaborator

I'm not familiar with GCB here, but is scan_output a local folder or is that an output folder?

Author

output folder

Author

It's ok, I've removed this output folder on Google Cloud Storage. I will just store all in the root directory of the storage. All good.

Collaborator

STORE_NAME seems to be a required variable. Please explain the requirement at the top of the file as well.

paths:
- results-open-source.html
- results-code.html
- results-iac.html
- results-container.html
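
Review bot: the `snyk config set api=${_SNYK_TOKEN}` line in each of the four steps takes the API token from a user-defined substitution, and substitution values are kept in the trigger and build configuration as plain text rather than as a secret. Suggest reading the token from Secret Manager through `availableSecrets` with `secretEnv` on each step and exposing it as `SNYK_TOKEN`, which the CLI reads from the environment, so the `snyk config set` line can be dropped. Separately, `snyk code test --sarif-file-output=results-code.html` writes SARIF into a file named `.html`, the same naming problem already raised for the `--json-file-output` lines, and the `paths:` list under `artifacts` would need to follow any rename. With `|| true` on every scan, a CLI error such as a failed authentication looks the same as a clean run, so capture the return code and end each step with the `exit 0 # exit $RETURN_CODE` pattern suggested in the review.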