From 4dfde6d0061d5768dc9dc4219d1dcd988ec313e4 Mon Sep 17 00:00:00 2001
From: JonJagger
Date: Mon, 2 Mar 2026 10:39:00 +0000
Subject: [PATCH 1/4] Try new snyk workflow
---
 .github/workflows/main.yml | 57 +++++++++++++++++++-------------------
 1 file changed, 29 insertions(+), 28 deletions(-)
diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
index 7830778c6..a2feb4491 100644
--- a/.github/workflows/main.yml
+++ b/.github/workflows/main.yml
@@ -117,36 +117,37 @@ jobs:
 # OIDC fails because this is not a composite workflow
- # snyk-container-scan:
- # needs: [build-image]
- # uses: cyber-dojo/live-snyk-scans/.github/workflows/artifact_snyk_test.yml@main
- # with:
- # artifact_name: ${{needs.build-image.outputs.tagged_image_name}}
- # artifact_fingerprint: ${{needs.build-image.outputs.digest}}
- # repo_name: ${{github.event.repository.name}}
- # git_commit: ${{github.sha}}
- # commit_url: https://github.com/cyber-dojo/${{github.event.repository.name}}/commit/${{github.sha}}
- # raw_snyk_policy_url: https://https://raw.githubusercontent.com/cyber-dojo/${{github.event.repository.name}}/${{github.sha}}/.snyk
- # kosli_env: ${{vars.KOSLI_AWS_BETA}}
- # secrets:
- # snyk_token: ${{secrets.SNYK_TOKEN}}
- # kosli_api_token: ${{secrets.KOSLI_API_TOKEN}}
-
-
 snyk-container-scan:
 needs: [build-image]
- runs-on: ubuntu-latest
- permissions:
- id-token: write
- contents: write
- steps:
- - name: Run snyk-container-test and attest results to Kosli
- uses: cyber-dojo/snyk-container-test@main
- with:
- snyk_token: ${{ secrets.SNYK_TOKEN }}
- image_name: ${{ needs.build-image.outputs.tagged_image_name }}
- kosli_cli_version: ${{ vars.KOSLI_CLI_VERSION }}
- attestation_name: web.snyk-container-scan
+ uses: cyber-dojo/live-snyk-scans/.github/workflows/artifact_snyk_test.yml@main
+ with:
+ artifact_name: ${{needs.build-image.outputs.tagged_image_name}}
+ artifact_fingerprint: ${{needs.build-image.outputs.digest}}
+ repo_name: ${{github.event.repository.name}}
+ git_commit: ${{github.sha}}
+ commit_url: https://github.com/cyber-dojo/${{github.event.repository.name}}/commit/${{github.sha}}
+ raw_snyk_policy_url: https://https://raw.githubusercontent.com/cyber-dojo/${{github.event.repository.name}}/${{github.sha}}/.snyk
+ aws_rolename: gh_actions_services
+ kosli_env: ${{vars.KOSLI_AWS_BETA}}
+ secrets:
+ snyk_token: ${{secrets.SNYK_TOKEN}}
+ kosli_api_token: ${{secrets.KOSLI_API_TOKEN}}
+
+
+ # snyk-container-scan:
+ # needs: [build-image]
+ # runs-on: ubuntu-latest
+ # permissions:
+ # id-token: write
+ # contents: write
+ # steps:
+ # - name: Run snyk-container-test and attest results to Kosli
+ # uses: cyber-dojo/snyk-container-test@main
+ # with:
+ # snyk_token: ${{ secrets.SNYK_TOKEN }}
+ # image_name: ${{ needs.build-image.outputs.tagged_image_name }}
+ # kosli_cli_version: ${{ vars.KOSLI_CLI_VERSION }}
+ # attestation_name: web.snyk-container-scan
 run-tests:
From 6c2861b2e80ab290ec7bea741b93c1028b45bd2f Mon Sep 17 00:00:00 2001
From: JonJagger
Date: Mon, 2 Mar 2026 10:44:04 +0000
Subject: [PATCH 2/4] Fix broken url
---
 .github/workflows/main.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
index a2feb4491..cc46f0f70 100644
--- a/.github/workflows/main.yml
+++ b/.github/workflows/main.yml
@@ -126,7 +126,7 @@ jobs:
 repo_name: ${{github.event.repository.name}}
 git_commit: ${{github.sha}}
 commit_url: https://github.com/cyber-dojo/${{github.event.repository.name}}/commit/${{github.sha}}
- raw_snyk_policy_url: https://https://raw.githubusercontent.com/cyber-dojo/${{github.event.repository.name}}/${{github.sha}}/.snyk
+ raw_snyk_policy_url: https://raw.githubusercontent.com/cyber-dojo/${{github.event.repository.name}}/${{github.sha}}/.snyk
 aws_rolename: gh_actions_services
 kosli_env: ${{vars.KOSLI_AWS_BETA}}
 secrets:
From 42fe0d340abbf27bf09421753c28c6a473c5ed2f Mon Sep 17 00:00:00 2001
From: JonJagger
Date: Mon, 2 Mar 2026 11:13:44 +0000
Subject: [PATCH 3/4] Rerun ci workflow
---
 .github/workflows/force-ci-run | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/force-ci-run b/.github/workflows/force-ci-run
index 23d037360..95bb4ced6 100644
--- a/.github/workflows/force-ci-run
+++ b/.github/workflows/force-ci-run
@@ -1,2 +1,2 @@
 Edit this file for a quick way to force a CI run
-155
+156
From 39cb2c36498f6f737b3dfa0476c5d452552a1950 Mon Sep 17 00:00:00 2001
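Review bot: In the PATCH 1/4 hunk on `.github/workflows/main.yml`, the re-enabled `snyk-container-scan` job calls the reusable workflow at the mutable ref `@main` while passing it `SNYK_TOKEN` and `KOSLI_API_TOKEN`, so whatever is on that branch at run time executes with those secrets; pin it to a reviewed commit, `uses: cyber-dojo/live-snyk-scans/.github/workflows/artifact_snyk_test.yml@<full-commit-sha>`. The new job also declares no `permissions:` block, whereas the job it replaces had `id-token: write` and `contents: write`. A called reusable workflow cannot be granted more `GITHUB_TOKEN` permissions than the calling job, so if `aws_rolename: gh_actions_services` implies OIDC role assumption inside the called workflow (not visible here), the caller likely needs `permissions:` with `id-token: write` and `contents: read`, unless a workflow-level block outside this hunk already grants it. The context comment `# OIDC fails because this is not a composite workflow` now sits directly above a live job and should be updated or removed once that is settled.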
From: JonJagger
Date: Mon, 2 Mar 2026 11:17:10 +0000
Subject: [PATCH 4/4] Comment out snyk from .kosli template file
---
 .kosli.yml | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/.kosli.yml b/.kosli.yml
index c21926e3b..7510fec93 100644
--- a/.kosli.yml
+++ b/.kosli.yml
@@ -5,8 +5,8 @@ trail:
 - name: pull-request
 type: pull_request
- artifacts:
- - name: saver
- attestations:
- - name: snyk-container-scan
- type: snyk
\ No newline at end of file
+ # artifacts:
+ # - name: saver
+ # attestations:
+ # - name: snyk-container-scan
+ # type: snyk
\ No newline at end of file
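Review bot: Commenting out the `artifacts:` block removes the only `type: snyk` attestation from this Kosli template, so as far as this file shows the trail no longer expects a `snyk-container-scan` result and a missing scan would not be flagged as non-compliant here. If the scan is now attested elsewhere by the reusable workflow called from `main.yml` (not visible in this hunk), replace the dead lines with a short statement of that, e.g. `# snyk-container-scan is attested by cyber-dojo/live-snyk-scans, not in this trail`; otherwise keep the requirement in the template. The commented block also names the artifact `saver` while the earlier workflow attested `web.snyk-container-scan`, which may be a copy from another repository and is worth confirming before it is re-enabled. The file still ends without a trailing newline.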