From a8d74c8559d40587b8af100e7b190e46099b0cfb Mon Sep 17 00:00:00 2001 From: JonJagger Date: Sat, 21 Feb 2026 07:48:12 +0000 Subject: [PATCH] Use composite action for snyk container test --- .github/workflows/main.yml | 46 +++++--------------------------------- 1 file changed, 6 insertions(+), 40 deletions(-) diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index d29ba4cb..37380623 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -171,48 +171,14 @@ jobs: permissions: id-token: write contents: write - env: - IMAGE_NAME: ${{ needs.build-image.outputs.tagged_image_name }} - KOSLI_FINGERPRINT: ${{ needs.build-image.outputs.digest }} - SARIF_FILENAME: snyk.container.scan.json steps: - - name: Harden Runner - uses: step-security/harden-runner@v2 - with: - egress-policy: audit - - - name: Load image from registry - uses: cyber-dojo/load-image-from-registry@main - - - name: Setup Snyk - uses: snyk/actions/setup@master - with: - snyk-version: v1.1300.2 - - - uses: actions/checkout@v4 - - - name: Run Snyk container scan - env: - SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }} - run: - snyk container test "${IMAGE_NAME}" - --policy-path=.snyk - --sarif - --sarif-file-output="${SARIF_FILENAME}" - - - name: Setup Kosli CLI - if: ${{ github.ref == 'refs/heads/main' && (success() || failure()) }} - uses: kosli-dev/setup-cli-action@v2 + - name: Run snyk-container-test and attest results to Kosli + uses: cyber-dojo/snyk-container-test@main with: - version: ${{ vars.KOSLI_CLI_VERSION }} - - - name: Attest evidence to Kosli - if: ${{ github.ref == 'refs/heads/main' && (success() || failure()) }} - run: - kosli attest snyk - --attachments=.snyk - --name=runner.snyk-container-scan - --scan-results="${SARIF_FILENAME}" + snyk_token: ${{ secrets.SNYK_TOKEN }} + image_name: ${{ needs.build-image.outputs.tagged_image_name }} + kosli_cli_version: ${{ vars.KOSLI_CLI_VERSION }} + attestation_name: runner.snyk-container-scan unit-tests: