From 1556804341792607d4819376ca595d371c3d736c Mon Sep 17 00:00:00 2001 From: Jamie O'Meara Date: Wed, 19 May 2021 15:40:23 -0600 Subject: [PATCH] Update maven.yml --- .github/workflows/maven.yml | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) diff --git a/.github/workflows/maven.yml b/.github/workflows/maven.yml index cca0692a1..f935aa3f6 100644 --- a/.github/workflows/maven.yml +++ b/.github/workflows/maven.yml @@ -82,3 +82,20 @@ jobs: uses: github/codeql-action/upload-sarif@v1 with: sarif_file: ${{ steps.scan.outputs.sarif }} + + - name: Run Snyk to check Docker image for vulnerabilities + # Snyk can be used to break the build when it detects vulnerabilities. + # In this case we want to upload the issues to GitHub Code Scanning + continue-on-error: true + uses: snyk/actions/docker@master + env: + # In order to use the Snyk Action you will need to have a Snyk API token. + # More details in https://github.com/snyk/actions#getting-your-snyk-token + # or you can signup for free at https://snyk.io/login + SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }} + with: + image: ghcr.io/octodemo/spring-petclinic/spring-petclinic:latest + - name: Upload result to GitHub Code Scanning + uses: github/codeql-action/upload-sarif@v1 + with: + sarif_file: snyk.sarif