Skip to content
Live Snyk scans of aws-prod

Live Snyk scans of aws-prod #118

Sign in to view logs

Live Snyk scans of aws-prod

Live Snyk scans of aws-prod #118

Workflow file for this run

.github/workflows/snyk_scan_aws_prod.yml at 76099e9
name: Live Snyk scans of aws-prod
on:
push:
branches:
- main
workflow_dispatch:
schedule: # At 09:00 every Saturday
- cron: '0 9 * * SAT'
env:
KOSLI_ORG: ${{ vars.KOSLI_ORG }} # cyber-dojo
KOSLI_HOST: ${{ vars.KOSLI_HOST }}
KOSLI_API_TOKEN: ${{ secrets.KOSLI_API_TOKEN }}
SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
AWS_ACCOUNT_ID: ${{ vars.AWS_ACCOUNT_ID }}
AWS_REGION: ${{ vars.AWS_REGION }}
jobs:
snyk-scan:
runs-on: ubuntu-latest
permissions:
id-token: write
contents: write
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Setup Kosli CLI
uses: kosli-dev/setup-cli-action@v2
with:
version: ${{ vars.KOSLI_CLI_VERSION }}
- name: Configure AWS credentials
uses: aws-actions/configure-aws-credentials@v4
with:
role-to-assume: arn:aws:iam::${{ env.AWS_ACCOUNT_ID }}:role/gh_actions_live_snyk_scans
aws-region: ${{ env.AWS_REGION }}
role-duration-seconds: 2400
role-session-name: ${{ github.event.repository.name }}
- name: Login to Amazon ECR
id: login-ecr
uses: aws-actions/amazon-ecr-login@v2
- name: Setup Snyk
uses: snyk/actions/setup@master
- name: Run Snyk
run: |
export KOSLI_ENVIRONMENT=aws-prod
export KOSLI_FLOW=aws-prod-snyk-scan
export KOSLI_TRAIL=$(date +"%Y-%m-%d-T-%H-%M-%S")
./snyk_scan_live_artifacts_and_attest_to_kosli.sh \
"${KOSLI_HOST}" \
"${KOSLI_API_TOKEN}"