From b3e9ae6050bbac9de4ee1d2aeeeaf80391ffdf1d Mon Sep 17 00:00:00 2001
From: JonJagger
Date: Sun, 1 Mar 2026 19:07:42 +0000
Subject: [PATCH 1/2] Fix yaml job to run live-snyk-scans workflow
---
 .github/workflows/main.yml | 28 +++++++++++++---------------
 1 file changed, 13 insertions(+), 15 deletions(-)
diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
index 338dcf739..081c7ac9f 100644
--- a/.github/workflows/main.yml
+++ b/.github/workflows/main.yml
@@ -118,21 +118,19 @@ jobs: snyk-container-scan: needs: [build-image] - runs-on: ubuntu-latest - steps: - - name: Run snyk-container-test and attest results to Kosli - uses: cyber-dojo/live-snyk-scans/.github/workflows/artifact_snyk_test.yml@main - with: - artifact_name: ${{needs.build-image.outputs.tagged_image_name}} - artifact_fingerprint: ${{needs.build-image.outputs.digest}} - repo_name: ${{github.event.repository.name}} - git_commit: ${{github.sha}} - commit_url: https://github.com/cyber-dojo/${{github.event.repository.name}}/commit/${{github.sha}} - raw_snyk_policy_url: https://https://raw.githubusercontent.com/cyber-dojo/${{github.event.repository.name}}/${{github.sha}}/.snyk - kosli_env: ${{vars.KOSLI_AWS_BETA}} - secrets: - snyk_token: ${{secrets.SNYK_TOKEN}} - kosli_api_token: ${{secrets.KOSLI_API_TOKEN}} + uses: cyber-dojo/live-snyk-scans/.github/workflows/artifact_snyk_test.yml@main + with: + artifact_name: ${{needs.build-image.outputs.tagged_image_name}} + artifact_fingerprint: ${{needs.build-image.outputs.digest}} + repo_name: ${{github.event.repository.name}} + git_commit: ${{github.sha}} + commit_url: https://github.com/cyber-dojo/${{github.event.repository.name}}/commit/${{github.sha}} + raw_snyk_policy_url: https://https://raw.githubusercontent.com/cyber-dojo/${{github.event.repository.name}}/${{github.sha}}/.snyk + kosli_env: ${{vars.KOSLI_AWS_BETA}} + secrets: + snyk_token: ${{secrets.SNYK_TOKEN}} + kosli_api_token: ${{secrets.KOSLI_API_TOKEN}} + # snyk-container-scan: # needs: [build-image] From 3b839d81e69601cd63bbb0f267c0274e92013299 Mon Sep 17 00:00:00 2001 From: JonJagger Date: Sun, 1 Mar 2026 19:11:35 +0000 Subject: [PATCH 2/2] Restore original workflow snyk-container-scan job --- .github/workflows/main.yml | 57 +++++++++++++++++++------------------- .kosli.yml | 10 +++---- 2 files changed, 34 insertions(+), 33 deletions(-) diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index 081c7ac9f..7830778c6 100644 
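Review bot: The `raw_snyk_policy_url` value on the added lines still begins with a doubled scheme, `https://https://raw.githubusercontent.com/...`, carried over unchanged from the removed step. The called workflow would presumably fail to fetch the `.snyk` policy from that URL, and depending on how it handles the failure the scan may run without the policy applied. The line should read `raw_snyk_policy_url: https://raw.githubusercontent.com/cyber-dojo/${{github.event.repository.name}}/${{github.sha}}/.snyk`. Separately, the job-level `uses:` references `artifact_snyk_test.yml@main` and hands it `SNYK_TOKEN` and `KOSLI_API_TOKEN`; pinning it to a full commit SHA would keep a later push to that branch from changing what runs with those secrets.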
--- a/.github/workflows/main.yml
+++ b/.github/workflows/main.yml
@@ -116,36 +116,37 @@ jobs: kosli_api_token: ${{ secrets.KOSLI_API_TOKEN }} - snyk-container-scan: - needs: [build-image] - uses: cyber-dojo/live-snyk-scans/.github/workflows/artifact_snyk_test.yml@main - with: - artifact_name: ${{needs.build-image.outputs.tagged_image_name}} - artifact_fingerprint: ${{needs.build-image.outputs.digest}} - repo_name: ${{github.event.repository.name}} - git_commit: ${{github.sha}} - commit_url: https://github.com/cyber-dojo/${{github.event.repository.name}}/commit/${{github.sha}} - raw_snyk_policy_url: https://https://raw.githubusercontent.com/cyber-dojo/${{github.event.repository.name}}/${{github.sha}}/.snyk - kosli_env: ${{vars.KOSLI_AWS_BETA}} - secrets: - snyk_token: ${{secrets.SNYK_TOKEN}} - kosli_api_token: ${{secrets.KOSLI_API_TOKEN}} - - + # OIDC fails because this is not a composite workflow # snyk-container-scan: # needs: [build-image] - # runs-on: ubuntu-latest - # permissions: - # id-token: write - # contents: write - # steps: - # - name: Run snyk-container-test and attest results to Kosli - # uses: cyber-dojo/snyk-container-test@main - # with: - # snyk_token: ${{ secrets.SNYK_TOKEN }} - # image_name: ${{ needs.build-image.outputs.tagged_image_name }} - # kosli_cli_version: ${{ vars.KOSLI_CLI_VERSION }} - # attestation_name: web.snyk-container-scan + # uses: cyber-dojo/live-snyk-scans/.github/workflows/artifact_snyk_test.yml@main + # with: + # artifact_name: ${{needs.build-image.outputs.tagged_image_name}} + # artifact_fingerprint: ${{needs.build-image.outputs.digest}} + # repo_name: ${{github.event.repository.name}} + # git_commit: ${{github.sha}} + # commit_url: https://github.com/cyber-dojo/${{github.event.repository.name}}/commit/${{github.sha}} + # raw_snyk_policy_url: https://https://raw.githubusercontent.com/cyber-dojo/${{github.event.repository.name}}/${{github.sha}}/.snyk + # kosli_env: ${{vars.KOSLI_AWS_BETA}} + # secrets: + # snyk_token: ${{secrets.SNYK_TOKEN}} + # kosli_api_token: ${{secrets.KOSLI_API_TOKEN}} 
+ + + snyk-container-scan: + needs: [build-image] + runs-on: ubuntu-latest + permissions: + id-token: write + contents: write + steps: + - name: Run snyk-container-test and attest results to Kosli + uses: cyber-dojo/snyk-container-test@main + with: + snyk_token: ${{ secrets.SNYK_TOKEN }} + image_name: ${{ needs.build-image.outputs.tagged_image_name }} + kosli_cli_version: ${{ vars.KOSLI_CLI_VERSION }} + attestation_name: web.snyk-container-scan run-tests: diff --git a/.kosli.yml b/.kosli.yml index 7510fec93..c21926e3b 100644 --- a/.kosli.yml +++ b/.kosli.yml @@ -5,8 +5,8 @@ trail: - name: pull-request type: pull_request - # artifacts: - # - name: saver - # attestations: - # - name: snyk-container-scan - # type: snyk \ No newline at end of file + artifacts: + - name: saver + attestations: + - name: snyk-container-scan + type: snyk \ No newline at end of file
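Review bot: The restored `snyk-container-scan` job references `cyber-dojo/snyk-container-test@main`, a mutable branch, while granting `id-token: write` and `contents: write` and passing `SNYK_TOKEN`, so whatever lands on that branch next runs with an OIDC token, repository write access and the secret. Pin the action, e.g. `uses: cyber-dojo/snyk-container-test@<full-commit-sha>  # main`, and reduce `contents: write` to `contents: read` unless the action really pushes to the repository, which is not visible here. The added comment `# OIDC fails because this is not a composite workflow` may also record the wrong cause: a reusable workflow called at job level receives only the permissions its caller job grants, and the commented-out job has no `permissions:` block with `id-token: write`. It is worth confirming that before the reason is kept in the file.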
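Review bot: The re-enabled template expects a `snyk-container-scan` attestation on an artifact named `saver`, but the restored job in `main.yml` in this same commit reports `attestation_name: web.snyk-container-scan`. Kosli resolves that name as `<template artifact>.<attestation>`, so unless a `web` artifact is declared in a part of `.kosli.yml` outside this hunk, the scan result would not satisfy `saver.snyk-container-scan` and the trail would likely show the snyk evidence as missing. If this repository's artifact is `saver`, the workflow line should read `attestation_name: saver.snyk-container-scan`.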