A Tekton Task for using Snyk to check for vulnerabilities in your Python projects.
kubectl apply -f https://raw.githubusercontent.com/garethr/snyk-tekton/master/python/python.yaml
You'll also need to place your Snyk API token in a Kubernetes secret.
kubectl create secret generic snyk --from-literal=token=abcd1234
You can use the Task as follows:
apiVersion: tekton.dev/v1beta1
kind: TaskRun
metadata:
name: snyk-python-example
spec:
taskRef:
name: snyk-python
workspaces:
- name: source
persistentVolumeClaim:
claimName: my-source
The Snyk Python Task has parameters which are passed to the underlying image:
Parameter | Default | Description |
---|---|---|
args | Override the default arguments to the Snyk image | |
commands | test | Specify which command to run, for instance test or monitor |
snyk-secret | snyk | The name of the secret which stores the Snyk API token |
Workspace | Description |
---|---|
source | A Tekton Workspace containing the source code to test |
For example, you can choose to only report on high severity vulnerabilities.
apiVersion: tekton.dev/v1beta1
kind: TaskRun
metadata:
name: snyk-python-example
spec:
taskRef:
name: snyk-python
params:
- name: args
value:
- --severity-threshold=high
workspaces:
- name: source
persistentVolumeClaim:
claimName: my-source