Try new snyk workflow

.github/workflows/force-ci-run

@@ -1,2 +1,2 @@
 Edit this file for a quick way to force a CI run
-155
+156

.github/workflows/main.yml

@@ -117,36 +117,37 @@ jobs:
 
 
   # OIDC fails because this is not a composite workflow
-  # snyk-container-scan:
-  #   needs: [build-image]
-  #   uses: cyber-dojo/live-snyk-scans/.github/workflows/artifact_snyk_test.yml@main
-  #   with:
-  #     artifact_name:        ${{needs.build-image.outputs.tagged_image_name}}
-  #     artifact_fingerprint: ${{needs.build-image.outputs.digest}}
-  #     repo_name:            ${{github.event.repository.name}}
-  #     git_commit:           ${{github.sha}}
-  #     commit_url:           https://github.com/cyber-dojo/${{github.event.repository.name}}/commit/${{github.sha}}
-  #     raw_snyk_policy_url:  https://https://raw.githubusercontent.com/cyber-dojo/${{github.event.repository.name}}/${{github.sha}}/.snyk
-  #     kosli_env:            ${{vars.KOSLI_AWS_BETA}}
-  #   secrets:
-  #     snyk_token:      ${{secrets.SNYK_TOKEN}}
-  #     kosli_api_token: ${{secrets.KOSLI_API_TOKEN}}
-
-
   snyk-container-scan:
     needs: [build-image]
-    runs-on: ubuntu-latest
-    permissions:
-      id-token: write
-      contents: write
-    steps:
-      - name: Run snyk-container-test and attest results to Kosli
-        uses: cyber-dojo/snyk-container-test@main
-        with:
-          snyk_token:        ${{ secrets.SNYK_TOKEN }}
-          image_name:        ${{ needs.build-image.outputs.tagged_image_name }}
-          kosli_cli_version: ${{ vars.KOSLI_CLI_VERSION }}
-          attestation_name:  web.snyk-container-scan
+    uses: cyber-dojo/live-snyk-scans/.github/workflows/artifact_snyk_test.yml@main
+    with:
+      artifact_name:        ${{needs.build-image.outputs.tagged_image_name}}
+      artifact_fingerprint: ${{needs.build-image.outputs.digest}}
+      repo_name:            ${{github.event.repository.name}}
+      git_commit:           ${{github.sha}}
+      commit_url:           https://github.com/cyber-dojo/${{github.event.repository.name}}/commit/${{github.sha}}
+      raw_snyk_policy_url:  https://raw.githubusercontent.com/cyber-dojo/${{github.event.repository.name}}/${{github.sha}}/.snyk
+      aws_rolename:         gh_actions_services
+      kosli_env:            ${{vars.KOSLI_AWS_BETA}}
+    secrets:
+      snyk_token:      ${{secrets.SNYK_TOKEN}}
+      kosli_api_token: ${{secrets.KOSLI_API_TOKEN}}
+
+
+  # snyk-container-scan:
+  #   needs: [build-image]
+  #   runs-on: ubuntu-latest
+  #   permissions:
+  #     id-token: write
+  #     contents: write
+  #   steps:
+  #     - name: Run snyk-container-test and attest results to Kosli
+  #       uses: cyber-dojo/snyk-container-test@main
+  #       with:
+  #         snyk_token:        ${{ secrets.SNYK_TOKEN }}
+  #         image_name:        ${{ needs.build-image.outputs.tagged_image_name }}
+  #         kosli_cli_version: ${{ vars.KOSLI_CLI_VERSION }}
+  #         attestation_name:  web.snyk-container-scan
 
 
   run-tests:

.kosli.yml

@@ -5,8 +5,8 @@ trail:
     - name: pull-request
       type: pull_request
 
-  artifacts:
-    - name: saver
-      attestations:
-        - name: snyk-container-scan
-          type: snyk
+  # artifacts:
+  #   - name: saver
+  #     attestations:
+  #       - name: snyk-container-scan
+  #         type: snyk