diff --git a/CircleCI/CircleCi3-binary-nodeJS.yml b/CircleCI/CircleCi3-binary-nodeJS.yml
new file mode 100644
index 0000000..18facf3
--- /dev/null
+++ b/CircleCI/CircleCi3-binary-nodeJS.yml
@@ -0,0 +1,42 @@
+# A nodeJS circleCI script that leverages the Snyk CLI tool to conduct SCA, Code, Container, and IaC scans. HTML artifacts are generated for all the scans using snyk-to-html.
+version: 2.1
+
+jobs:
+ build:
+ docker:
+ - image: circleci/node:latest
+ steps:
+ - checkout
+ - run: npm install --force
+ - run: npm update
+ - run: | #install Snyk CLI tool and snyk-to-html + authenticate into Snyk
+ curl https://static.snyk.io/cli/latest/snyk-linux -o snyk
+ chmod +x ./snyk
+ curl -L https://github.com/snyk/snyk-to-html/releases/download/v2.3.1/snyk-to-html-linux -o snyk-to-html
+ chmod +x ./snyk-to-html
+ ./snyk auth $SNYK_TOKEN
+
+ # SCA scan with severity threshold set to high
+ - run: ./snyk test --severity-threshold=critical --json | ./snyk-to-html -o sca_results.html
+ - store_artifacts:
+ path: sca_results.html
+ destination: sca_results.html
+
+ # SAST code scan
+ - run: ./snyk code test --json | ./snyk-to-html -o code_results.html
+ - store_artifacts:
+ path: code_results.html
+ destination: code_results.html
+
+ # Container image scan - replace amitsnyk/snyk-juice-shop:latest with your registry/image_name:tag.
+ - run: ./snyk container test amitsnyk/snyk-juice-shop:latest --json | ./snyk-to-html -o container_results.html
+ - store_artifacts: #store container json output generated by Snyk
+ path: container_results.html
+ destination: container_results.html
+
+ # IaC scan
+ - run: ./snyk iac test --json | ./snyk-to-html -o iac_results.html
+ - store_artifacts: #store iac json output generated by Snyk
+ path: iac_results.html
+ destination: iac_results.html
+ workflows: null
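Review bot: The install step fetches `snyk` from the moving `latest` path and `snyk-to-html` from a release URL, marks both executable and runs them with `$SNYK_TOKEN` in scope, with no integrity check and no `--fail` on `curl`, so whatever the download returns is trusted as-is. Pin the CLI to a fixed release and verify each file before `chmod`, for example `curl -fsSL https://static.snyk.io/cli/<PINNED_VERSION>/snyk-linux -o snyk` followed by `echo "<EXPECTED_SHA256>  snyk" | sha256sum -c -`, and do the same for `snyk-to-html`; `circleci/node:latest` has the same moving-tag problem and is better pinned to a specific tag or digest. `./snyk auth $SNYK_TOKEN` puts the token on the command line, and since the CLI reads `SNYK_TOKEN` from the environment that line can probably be dropped. The SCA comment says the threshold is high while the command passes `--severity-threshold=critical`, and the two `store_artifacts` comments mention JSON output although the stored files are HTML; the comments should match the commands.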