This example application has a sample application along with a Codefresh pipeline that can build, scan, and promote a Docker image.
Warning These instructions are incomplete. Some variables in the pipeline need to be updated to match your environment. Update coming soon.
RunningUnitTests:
stage: scan
title: Running Unit Tests
image: '${{BuildingDockerImage}}'
working_directory: IMAGE_WORK_DIR
entry_point:
- /bin/sh
- /codefresh/volume/cf-generated/unit_test_script
create_file:
path: /codefresh/volume/cf-generated
name: unit_test_script
content: |-
npm install -g snyk
snyk test || true
on_success:
metadata:
set:
- '${{BuildingDockerImage.imageId}}':
- CF_QUALITY: true
on_fail:
metadata:
set:
- '${{BuildingDockerImage.imageId}}':
- CF_QUALITY: false
SnykScanImage:
stage: scan
type: composition
composition:
version: '2'
services:
targetimage:
image: ${{BuildingDockerImage}} # Must be the Docker build step name
command: sh -c "exit 0"
labels:
build.image.id: ${{CF_BUILD_ID}} # Provides a lookup for the composition
composition_candidates:
scan_service:
image: aarlaudsnyk/snyk-container-scan-docker
command: python snyk-cli.py "${{IMAGE_NAME}}:${{CF_BRANCH_TAG_NORMALIZED}}"
environment:
- SNYK_TOKEN=${{SNYK_TOKEN}}
- SNYK_ORG=${{SNYK_ORG}}
depends_on:
- targetimage
volumes: # Volumes required to run DIND
- /var/run/docker.sock:/var/run/docker.sock
- /var/lib/docker:/var/lib/docker
add_flow_volume_to_composition: true
on_success: # Execute only once the step succeeded
metadata: # Declare the metadata attribute
set: # Specify the set operation
- ${{BuildingDockerImage.imageId}}: # Select any number of target images
- SECURITY_SCAN: true
on_fail: # Execute only once the step failed
metadata: # Declare the metadata attribute
set: # Specify the set operation
- ${{BuildingDockerImage.imageId}}: # Select any number of target images
- SECURITY_SCAN: false
- Codefresh account (free or paid)
- Snyk account (free or paid)
- Dockerhub account (Optional)
Signin to Codefresh and click "Add Repository" from the repositories screen. Paste in the url for this repo and click next. Then select "I have a Codefresh.yml" and put ./.codefresh/codefresh.yml for the path. This will preview the Codefresh yaml, then follow the instructions to finish creating the pipeline.
You can type in the variables by hand, or just copy and paste the following:
PORT=8080
SNYK_ORG=aarlaud-snyk-demo
IMAGE_NAME=aarlaudsnyk/trainingapp
SNYK_TOKEN=addapikeyhere
Select "Import from Text" to import.
We'll also add a token from Snyk. You can get this from your Snyk account settings. Add this variable with SNYK_TOKEN as the key. Then check encrypt to store the token securely.
Codefresh has a built-in private Docker registry. In this example we're building and pushing a public image so we'll use Docker hub. Follow the instructions in the Docker Registry integration page.
You can skip this step by removing the promote to Dockerhub step.