shell/snyk-cli-scanner-run.sh

   1 #!/bin/bash -l
   2 # SPDX-License-Identifier: EPL-1.0
   3 ##############################################################################
   4 # Copyright (c) 2023 The Linux Foundation and others.
   5 #
   6 # All rights reserved. This program and the accompanying materials
   7 # are made available under the terms of the Eclipse Public License v1.0
   8 # which accompanies this distribution, and is available at
   9 # http://www.eclipse.org/legal/epl-v10.html
  10 ##############################################################################
  11 echo "---> snyk-cli-scanner-run.sh"
  12 # shellcheck disable=SC1090
  13 source ~/lf-env.sh
  14
  15 # Install Snyk CLI dependencies for Python
  16 if [[ "$JOB_NAME" =~ "python" ]]; then
  17     # Install Snyk CLI dependencies for Python based projects
  18     lf-activate-venv flask flask-api flask-cors pg8000 pandas
  19 else
  20     lf-activate-venv
  21 fi
  22 # Add mvn to PATH so that the Snyk CLI can use it
  23 export PATH=$PATH:"$M2_HOME"/bin
  24 # Download and install the latest Snyk scanner
  25 echo "Installing Snyk (latest)..."
  26 curl https://static.snyk.io/cli/latest/snyk-linux -o snyk
  27 sudo chmod +x ./snyk
  28 sudo mv ./snyk /usr/local/bin/
  29 echo "Verifying Snyk version..."
  30 snyk --version
  31 echo "Authenticate with SNYK_TOKEN..."
  32 snyk auth "$SNYK_CLI"
  33 echo "Running Snyk CLI..."
  34 if [[ "$JOB_NAME" =~ "docker" ]]; then
  35     snyk container test "$SNYK_CLI_OPTIONS" \
  36         "$CONTAINER_PULL_REGISTRY/$DOCKER_NAME:$DOCKER_IMAGE_TAG" --org="$SNYK_ORG"
  37     snyk container monitor "$SNYK_CLI_OPTIONS" \
  38         "$CONTAINER_PULL_REGISTRY/$DOCKER_NAME:$DOCKER_IMAGE_TAG" --org="$SNYK_ORG"
  39 else
  40     snyk test --json --severity-threshold=low "$SNYK_CLI_OPTIONS" --org="$SNYK_ORG"
  41     snyk monitor --severity-threshold=low "$SNYK_CLI_OPTIONS" --org="$SNYK_ORG"
  42 fi