Scan Docker images in Snyk Github action #1191
Comments
lmath
added a commit
that referenced
this issue
Feb 14, 2023
We are moving over to using `snyk container monitor` because we want to - be able to keep track of vulnerabilities in the docker images we create on release without manually adding them in the Snyk UI - continue scanning our java/scala jar files
lmath
added a commit
that referenced
this issue
Feb 14, 2023
We are moving over to using `snyk container monitor` because we want to - be able to keep track of vulnerabilities in the docker images we create on release without manually adding them in the Snyk UI - continue scanning our java/scala jar files
lmath
added a commit
that referenced
this issue
Feb 15, 2023
We are moving over to using `snyk container monitor` because we want to - be able to keep track of vulnerabilities in the docker images we create on release without manually adding them in the Snyk UI - continue scanning our java/scala jar files
lmath
added a commit
that referenced
this issue
Feb 17, 2023
Whenever we release RDB loader, we run a Snyk scan to check for security vulnerabilites. Previously, we had a separate Github action for this, `snyk.yml` which just ran `snyk monitor` and did not scan the docker images. We are moving over to using `snyk container monitor` because we want to - be able to keep track of vulnerabilities in the docker images we create on release without manually adding them in the Snyk UI - continue scanning our java/scala jar files Note that even though we are already creating docker images in `ci.yml`, they are pushed to the remote registry only, and that is why here we additionally add a step to create local Docker images for the Snyk scan.
istreeter
pushed a commit
that referenced
this issue
Mar 3, 2023
Whenever we release RDB loader, we run a Snyk scan to check for security vulnerabilites. Previously, we had a separate Github action for this, `snyk.yml` which just ran `snyk monitor` and did not scan the docker images. We are moving over to using `snyk container monitor` because we want to - be able to keep track of vulnerabilities in the docker images we create on release without manually adding them in the Snyk UI - continue scanning our java/scala jar files Note that even though we are already creating docker images in `ci.yml`, they are pushed to the remote registry only, and that is why here we additionally add a step to create local Docker images for the Snyk scan.
istreeter
pushed a commit
that referenced
this issue
Mar 7, 2023
Whenever we release RDB loader, we run a Snyk scan to check for security vulnerabilites. Previously, we had a separate Github action for this, `snyk.yml` which just ran `snyk monitor` and did not scan the docker images. We are moving over to using `snyk container monitor` because we want to - be able to keep track of vulnerabilities in the docker images we create on release without manually adding them in the Snyk UI - continue scanning our java/scala jar files Note that even though we are already creating docker images in `ci.yml`, they are pushed to the remote registry only, and that is why here we additionally add a step to create local Docker images for the Snyk scan.
This was referenced Nov 30, 2023
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Let's use
snyk container monitorbecause we want toadding them in the Snyk UI
--app-vulns)The text was updated successfully, but these errors were encountered: