CircleCi3-binary-nodeJS.yml
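# A Node.js CircleCI config that uses the Snyk CLI to run SCA, Code (SAST),
# Container and IaC scans. Each scan's JSON output is piped through
# snyk-to-html and the resulting HTML report is stored as a build artifact.
version: 2.1
jobs:
  build:
    docker:
      # NOTE(review): `latest` is a mutable tag, so the build toolchain can
      # change between runs; pin a specific version tag or image digest.
      - image: circleci/node:latest
    steps:
      - checkout
      # NOTE(review): `--force` overrides npm's conflict checks and
      # `npm update` moves dependencies past what is committed, so the tree
      # scanned below may differ from the one that ships. Confirm this is
      # intended; `npm ci` installs exactly what the lockfile records.
      - run: npm install --force
      - run: npm update
      # Install the Snyk CLI and snyk-to-html, then authenticate to Snyk.
      # --fail makes curl exit non-zero on an HTTP error instead of saving
      # the error page as the "binary" that is then made executable.
      # NOTE(review): both binaries are executed without an integrity check
      # and the CLI URL tracks `latest`. Pin a CLI release and verify each
      # download against a known SHA-256 before `chmod +x`.
      # SNYK_TOKEN must come from a CircleCI project or context environment
      # variable, never from this file. The CLI also reads SNYK_TOKEN from
      # the environment, which avoids passing the secret as an argument.
      - run: |
          curl --fail --silent --show-error --location https://static.snyk.io/cli/latest/snyk-linux -o snyk
          chmod +x ./snyk
          curl --fail --silent --show-error --location https://github.com/snyk/snyk-to-html/releases/download/v2.3.1/snyk-to-html-linux -o snyk-to-html
          chmod +x ./snyk-to-html
          ./snyk auth "$SNYK_TOKEN"
      # SCA scan; only issues at the `critical` threshold are reported.
      # NOTE(review): the original comment said "high" while the flag says
      # `critical` - confirm which threshold is intended.
      # NOTE(review): under CircleCI's default `bash -eo pipefail` shell a
      # non-zero exit from snyk (issues found) fails this step even though
      # the report was written; later `run` steps default to
      # `when: on_success` and are then skipped. Confirm that is the
      # intended gate, or add `when: always` to the later scan steps.
      - run: ./snyk test --severity-threshold=critical --json | ./snyk-to-html -o sca_results.html
      - store_artifacts:
          path: sca_results.html
          destination: sca_results.html
      # SAST code scan
      - run: ./snyk code test --json | ./snyk-to-html -o code_results.html
      - store_artifacts:
          path: code_results.html
          destination: code_results.html
      # Container image scan - replace amitsnyk/snyk-juice-shop:latest with
      # your registry/image_name:tag.
      - run: ./snyk container test amitsnyk/snyk-juice-shop:latest --json | ./snyk-to-html -o container_results.html
      # Store the HTML container report that snyk-to-html rendered.
      - store_artifacts:
          path: container_results.html
          destination: container_results.html
      # IaC scan
      - run: ./snyk iac test --json | ./snyk-to-html -o iac_results.html
      # Store the HTML IaC report that snyk-to-html rendered.
      - store_artifacts:
          path: iac_results.html
          destination: iac_results.html
# No workflow is declared; CircleCI then runs the job named `build`.
# NOTE(review): confirm an explicit `null` passes config validation.
workflows: null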