Merged
3 changes: 2 additions & 1 deletion .github/workflows/main.yml
@@ -116,7 +116,6 @@ jobs:
kosli_api_token: ${{ secrets.KOSLI_API_TOKEN }}


# OIDC fails because this is not a composite workflow
snyk-container-scan:
needs: [build-image]
uses: cyber-dojo/live-snyk-scans/.github/workflows/artifact_snyk_test.yml@main
@@ -129,6 +128,8 @@ jobs:
raw_snyk_policy_url: https://raw.githubusercontent.com/cyber-dojo/${{github.event.repository.name}}/${{github.sha}}/.snyk
aws_rolename: gh_actions_services
kosli_env: ${{vars.KOSLI_AWS_BETA}}
kosli_flow: ${{vars.KOSLI_FLOW}}
kosli_cat: ${{vars.KOSLI_AWS_BETA}}-synk-vuln-ages
secrets:
snyk_token: ${{secrets.SNYK_TOKEN}}
kosli_api_token: ${{secrets.KOSLI_API_TOKEN}}
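Review bot: `kosli_cat: ${{vars.KOSLI_AWS_BETA}}-synk-vuln-ages` spells the suffix `synk`, whereas everything else on this page spells it `snyk` (`snyk_token`, `raw_snyk_policy_url`, and the `aws-snyk-vuln-ages` type in .kosli.yml). The rendered page does not mark which lines are added, but this looks like one of the two new inputs; if the custom attestation type registered in Kosli is spelled `snyk`, the called workflow would attest against a name that does not exist and the vulnerability-age evidence would be missing from the trail. Confirm the registered name and, if it is a typo, change the line to `kosli_cat: ${{vars.KOSLI_AWS_BETA}}-snyk-vuln-ages`. Separately, the reusable workflow is referenced at `@main` and is handed `SNYK_TOKEN` and `KOSLI_API_TOKEN`; pinning it to a commit SHA would stop a later push to that branch from running with those secrets.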
6 changes: 3 additions & 3 deletions .kosli.yml
@@ -6,7 +6,7 @@ trail:
type: pull_request

# artifacts:
# - name: saver
# - name: artifact
# attestations:
# - name: snyk-container-scan
# type: snyk
# - name: VULN-NAME
# type: aws-snyk-vuln-ages
14 changes: 7 additions & 7 deletions Dockerfile
@@ -2,13 +2,13 @@ FROM cyberdojo/web-base:8a409cd@sha256:d8fda7714933d9312720f01244c8de8bce8fdfbf4
# The FROM statement above is typically set via an automated pull-request from the web-base repo
LABEL maintainer=jon@jaggersoft.com

RUN apk add --upgrade c-ares=1.34.6-r0 # https://security.snyk.io/vuln/SNYK-ALPINE322-CARES-14409293
RUN apk add --upgrade libexpat=2.7.4-r0 # https://security.snyk.io/vuln/SNYK-ALPINE321-EXPAT-13003711
RUN apk upgrade musl # https://security.snyk.io/vuln/SNYK-ALPINE320-MUSL-8720638
RUN apk upgrade libcrypto3 libssl3 # https://security.snyk.io/vuln/SNYK-ALPINE322-OPENSSL-13174133
RUN apk upgrade busybox # https://security.snyk.io/vuln/SNYK-ALPINE321-BUSYBOX-14102399
RUN apk upgrade git # https://security.snyk.io/vuln/SNYK-ALPINE320-GIT-10669667
RUN apk upgrade curl # https://security.snyk.io/vuln/SNYK-ALPINE321-CURL-13277278
#RUN apk add --upgrade c-ares=1.34.6-r0 # https://security.snyk.io/vuln/SNYK-ALPINE322-CARES-14409293
#RUN apk add --upgrade libexpat=2.7.4-r0 # https://security.snyk.io/vuln/SNYK-ALPINE321-EXPAT-13003711
#RUN apk upgrade musl # https://security.snyk.io/vuln/SNYK-ALPINE320-MUSL-8720638
#RUN apk upgrade libcrypto3 libssl3 # https://security.snyk.io/vuln/SNYK-ALPINE322-OPENSSL-13174133
#RUN apk upgrade busybox # https://security.snyk.io/vuln/SNYK-ALPINE321-BUSYBOX-14102399
#RUN apk upgrade git # https://security.snyk.io/vuln/SNYK-ALPINE320-GIT-10669667
#RUN apk upgrade curl # https://security.snyk.io/vuln/SNYK-ALPINE321-CURL-13277278

ARG COMMIT_SHA
ENV SHA=${COMMIT_SHA}
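Review bot: If the commented-out form of the seven `apk` lines is the new side (the page prints both forms without `+`/`-` markers), the image no longer applies the c-ares, libexpat, musl, OpenSSL, busybox, git and curl fixes itself and depends on the base image already carrying them. The hunk starts at line 2, so the `FROM cyberdojo/web-base:8a409cd@sha256:…` line is not touched by this commit; it is worth confirming that this digest ships at least `c-ares=1.34.6-r0` and `libexpat=2.7.4-r0` rather than relying on the container scan to report a regression later. Dead `#RUN` lines also tend to be re-enabled with stale version pins, so I would delete them and leave one comment such as `# Snyk fixes previously applied here are expected from web-base; see git history for the per-package lines`.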