From 561a64d14e743cc03d16440356c40c1aa5d5f552 Mon Sep 17 00:00:00 2001
From: Piotr Limanowski
Date: Wed, 27 Nov 2024 11:42:31 +0100
Subject: [PATCH] Add snyk-check script in env
---
 flake.nix | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/flake.nix b/flake.nix
index 7258c456f..bf3d785f9 100644
--- a/flake.nix
+++ b/flake.nix
@@ -35,13 +35,18 @@
 jre
 metals
 sbt
- # pkgs.nodePackages.snyk
 pkgs.kubernetes-helm
 # (pkgs.wrapHelm pkgs.kubernetes-helm {plugins = [pkgs.kubernetes-helmPlugins.helm-diff];})
 # pkgs.google-cloud-sdk.withExtraComponents( with pkgs.google-cloud-sdk.components [ gke-gcloud-auth-plugin ]);
 (pkgs.google-cloud-sdk.withExtraComponents [pkgs.google-cloud-sdk.components.gke-gcloud-auth-plugin])
 # pkgs.google-cloud-sdk-gce
+ pkgs.snyk
 ];
+ scripts = {
+ snyk-check.exec = ''
+ for p in kinesis pubsub kafka nsq; do sbt "project ''${p}Distroless; set version := \"latest\"; Docker / publishLocal"; snyk container test --platform=linux/arm64 --app-vulns snowplow/scala-stream-collector-''${p}:latest-distroless; done
+ '';
+ };
 languages.nix.enable = true;
 pre-commit.hooks = {
 alejandra.enable = true;
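Review bot: The `snyk-check` loop joins the sbt build and the scan with `;` and never records a failure, so the script's exit status is only that of the last `snyk container test` (nsq). Findings or errors for kinesis, pubsub and kafka therefore do not fail the check, unless devenv's script wrapper enables errexit, which is not visible in this hunk. A failed `Docker / publishLocal` also falls through to the scan, which may then test whatever image already carries the `latest-distroless` tag and report a result for code that was never built. Chain build and scan with `&&` and accumulate a non-zero status across iterations, as sketched below. `--platform=linux/arm64` is hard-coded; if other architectures are shipped as well, a comment explaining why only arm64 is scanned would help the next reader.

```nix
snyk-check.exec = ''
  # Remember any failure so one bad image fails the whole check.
  rc=0
  for p in kinesis pubsub kafka nsq; do
    # Scan only when the image was actually rebuilt; never fall back to a stale tag.
    sbt "project ''${p}Distroless; set version := \"latest\"; Docker / publishLocal" \
      && snyk container test --platform=linux/arm64 --app-vulns snowplow/scala-stream-collector-''${p}:latest-distroless \
      || rc=1
  done
  exit "$rc"
'';
```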