cicdepresentations

Presentations for The Digital Academy


Snyk Vulnerability Scanning Hands On

In this hands-on activity we are going to integrate Snyk vulnerability scanning into our build pipeline, so that a build fails when a dependency with a known vulnerability is pulled in.

  1. Use your GitHub account to create an account on Snyk.io.
  2. Install the Snyk CLI globally on your local machine: `npm install -g snyk`.
  3. Navigate to the `vue-client` folder, run `snyk auth` to log in, and then run `snyk test` to scan the project.
  4. Add a job to your build pipeline that scans for vulnerabilities. This job does not need the app to be built in order to run.
  5. Add a secret variable to your build pipeline to store your Snyk authentication token (never commit the token to the repo).
    • https://snyk.io/docs/cli-authentication/
  6. Install Snyk on the pipeline agent.
  7. Run `snyk test` in both `vue-client` and `express-api`.
  8. Run the pipeline.
  9. Ignore the issues that are found by adding them to your build script.
    • https://snyk.io/docs/cli-ignore/
    • Please note: at the moment there is a bug in this hands-on, so we'll just remove the test for now. :(
  10. Run your pipeline again.
```yaml
# Placeholder job from the hands-on: replace the echo step with the Snyk steps above.
- job: scan_secrets
  pool:
    vmImage: 'Ubuntu-16.04'
  steps:
  - script: echo "I do nothing"
```
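Steps 4 to 9 above, written out as one complete Azure Pipelines job. This is an added example and not the hands-on's own solution; it assumes a pipeline secret variable named `SNYK_TOKEN` (created in the pipeline UI and marked secret), that `vue-client` and `express-api` sit at the repository root, and that the agent image already provides Node.js and npm.

```yaml
# Added example (not part of the original hands-on).
# Assumptions: a secret pipeline variable SNYK_TOKEN exists, and the folders
# vue-client/ and express-api/ are at the repo root.
- job: snyk_scan
  displayName: 'Snyk vulnerability scan'
  pool:
    vmImage: 'Ubuntu-16.04'
  steps:
  - script: npm install -g snyk
    displayName: 'Install Snyk CLI on the agent'

  # The Snyk CLI reads its token from the SNYK_TOKEN environment variable, so the
  # secret is mapped explicitly here instead of being echoed into a command line.
  - script: |
      npm install
      snyk test
    workingDirectory: vue-client
    displayName: 'Snyk test: vue-client'
    env:
      SNYK_TOKEN: $(SNYK_TOKEN)

  - script: |
      npm install
      snyk test
    workingDirectory: express-api
    displayName: 'Snyk test: express-api'
    env:
      SNYK_TOKEN: $(SNYK_TOKEN)

  # Optional (step 9): record an accepted finding before running snyk test.
  # <ISSUE-ID-PLACEHOLDER> is not a real id; take the id from the snyk test output.
  #   snyk ignore --id='<ISSUE-ID-PLACEHOLDER>' --reason='accepted risk, tracked in ticket'
```

Secret variables in Azure Pipelines are not exposed to scripts automatically, which is why each `snyk test` step maps `SNYK_TOKEN` under `env:`. `snyk test` exits non-zero when it finds vulnerabilities, so the job (and therefore the pipeline) fails on a finding without any extra logic; `npm install` is run first because the CLI resolves an npm project's dependency tree from the installed `node_modules`, which is not the same as building the app.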