Snyk Docker
This producer component that scans Docker containers with Snyk.
Read more about what it does on the Snyk homepage and GitHub repo.
How to use with Smithy
Open-Source
- Add the Helm package to the pipeline settings:
---
# file: ./my-pipeline/kustomization.yaml
components:
- pkg:helm/smithy-security-oss-components/producer-snyk-docker
- Configure the run parameter of the component in the pipeline run file.
# file: ./my-pipeline/pipelinerun.yaml
---
...
spec:
...
params:
- name: producer-snyk-docker-api-key
value: <your snyk api key>
- name: producer-snyk-docker-image
value: <the docker image you are trying to scan>
SaaS
- In the Smithy UI, open the page to create a new workflow.
- Find the Snyk Docker in the Producers dropdown.
- Configure the parameters in the form on the right
Options
You can configure this component with the following options:
| Option Name | Description | Default | Type |
|---|---|---|---|
| [Required] producer-snyk-docker-api-key | Snyk API key | String | |
| [Required] producer-snyk-docker-image | The docker image to be pulled from the registry, e.g. "my-app:latest" | String |