Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix Snyk scanning and upload results #343

Merged
merged 3 commits into from
Dec 19, 2024
Merged

Fix Snyk scanning and upload results #343

merged 3 commits into from
Dec 19, 2024

Conversation

julienp
Copy link
Contributor

@julienp julienp commented Dec 17, 2024
edited
Loading

Fix scanning for all images by correctly setting the platform. Scan results are upload to GitHub code scanning.

@github-advanced-security
Copy link

This pull request sets up GitHub code scanning for this repository. Once the scans have completed and the checks have passed, the analysis results for this pull request branch will appear on this overview. Once you merge this pull request, the 'Security' tab will show more code scanning analysis results (for example, for the default branch). Depending on your configuration and choice of analysis tool, future pull requests will be annotated with code scanning analysis results. For more information about GitHub code scanning, check out the documentation.

@julienp julienp changed the title julienp/snyk Fix Snyk scanning and upload results Dec 17, 2024
@julienp julienp force-pushed the julienp/snyk branch 2 times, most recently from 252fd84 to 60b788e Compare December 17, 2024 15:32
@julienp julienp added the impact/no-changelog-required This issue doesn't require a CHANGELOG update label Dec 17, 2024
@julienp
Copy link
Contributor Author

julienp commented Dec 17, 2024

This currently flags a number of issues https://github.com/pulumi/pulumi-docker-containers/security/code-scanning?page=2&query=is%3Aopen+branch%3Ajulienp%2Fsnyk

We do get a fair amount of duplication across the images. Most of them are the recent golang.org/x/crypto/ssh issue, which should be fixed in the next pulumi release by virtue of building with the latest golang. There's a number of other things in there I will triage once this lands.

@julienp julienp marked this pull request as ready for review December 17, 2024 15:37
@julienp julienp requested a review from a team as a code owner December 17, 2024 15:37
lunaris
lunaris approved these changes Dec 17, 2024
View reviewed changes
.github/workflows/snyk-scan.yml Outdated Show resolved Hide resolved
.github/workflows/snyk-scan.yml
- name: Free Disk Space (Ubuntu)
uses: jlumbroso/free-disk-space@main
with:
tool-cache: false
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

What leads to tons of disk usage here? Is it the outputs of scanning?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The image itself is fairly large, plus it download some snyk image. Not sure what precisely causes us to run out of space, but for kitchen-sink it failed with ENOSPC before :/

.github/workflows/snyk-scan.yml Show resolved Hide resolved
.github/workflows/snyk-scan.yml Outdated Show resolved Hide resolved
@julienp julienp merged commit 9213bc8 into main Dec 19, 2024
91 checks passed
@julienp julienp deleted the julienp/snyk branch December 19, 2024 10:26
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@lunaris lunaris lunaris approved these changes

Assignees
No one assigned
Labels
impact/no-changelog-required This issue doesn't require a CHANGELOG update
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@julienp @lunaris