Snyk SBOM #881
| "time" | ||
|
|
||
| "github.com/go-errors/errors" | ||
|
|
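Review bot: `github.com/go-errors/errors` takes the package name `errors`, so the standard-library `errors` cannot be imported alongside it without an alias; if the only use in this file is `Errorf` with `%w`, `fmt.Errorf` covers that and removes a third-party dependency from the component's own module.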
Extra empty line here
| ) | ||
|
|
||
| func main() { | ||
| ctx, cancel := context.WithTimeout(context.Background(), 1*time.Minute) |
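Review bot: the `cancel` returned on the `ctx, cancel := context.WithTimeout(...)` line needs a `defer cancel()` immediately after it; it is not visible in this fragment, so please confirm it is there. The hard-coded `1*time.Minute` also bounds the whole scanner run, including the `--all-projects` scan of the source workspace, which can take longer on large repositories; reading the timeout through the same `env.GetOrDefault` path used for `RAW_OUT_FILE_PATH` would let it be tuned per pipeline.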
Is a 1-minute timeout a bit aggressive here?
| return errors.Errorf("could not create transformer: %w", err) | ||
| } | ||
|
|
||
| if err := component.RunScanner(ctx, ocsfTransformer, opts...); err != nil { |
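Review bot: `errors.Errorf("could not create transformer: %w", err)` resolves to the `github.com/go-errors/errors` package rather than `fmt`; please confirm that this package's `Errorf` preserves `%w` wrapping so callers can still use `errors.Is`/`errors.As` on the returned error, otherwise `fmt.Errorf` is the safe choice here.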
I'd just pass component.RunnerWithComponentName("semgrep") and delete opts here as we're only using what I mentioned and not extending it
| - --all-projects | ||
| - --json-file-output={{scratchWorkspace}}/snyk-sbom.out | ||
| - "{{sourceCodeWorkspace}}/" | ||
| - name: upload-sbom-to-dependency-track |
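Review bot: the visible Snyk arguments (`--all-projects`, `--json-file-output={{scratchWorkspace}}/snyk-sbom.out`, the source workspace path) do not include an output format; `snyk sbom` requires `--format` (a CycloneDX or SPDX JSON variant) to produce an SBOM, so if it is not set above this fragment add it, and give the output file an extension matching that format instead of `.out` so the `upload-sbom-to-dependency-track` step and the existing reporter can recognise what they are reading.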
We already have a dependency track reporter, why do we want to do this bit?
| rawOutFilePath, err := env.GetOrDefault( | ||
| "RAW_OUT_FILE_PATH", | ||
| "", | ||
| env.WithDefaultOnError(false), |
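Review bot: with `""` as the fallback for `RAW_OUT_FILE_PATH`, an unset variable is indistinguishable from a deliberately empty path and the failure only surfaces later at file-open time with a less useful message; either default to a concrete path under the scratch workspace or check `rawOutFilePath == ""` directly after `env.GetOrDefault` and return a descriptive error.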
If env.WithDefaultOnError(false) is false, you can omit it, as it's the default.
| @@ -0,0 +1,6 @@ | |||
| package ptr | |||
There's a utility for this in smithy/pkg/utils
|
|
||
| # Set working directory | ||
| WORKDIR /app | ||
| COPY ./entrypoint.sh /exit_0_with_vulns.sh |
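Review bot: `COPY ./entrypoint.sh /exit_0_with_vulns.sh` renames the script on the way in, and the target name says it masks the scanner's non-zero exit when vulnerabilities are found. Snyk's `test` command uses exit code 1 for "vulnerabilities found", 2 for a failed run and 3 for "no supported projects", so the wrapper should only translate code 1 and let 2 and 3 fail the step; otherwise a broken scan looks like a clean one. Since the file lands at `/exit_0_with_vulns.sh` rather than under `WORKDIR /app`, also make sure the `ENTRYPOINT`/`CMD` that invokes it is declared in this Dockerfile.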
Where's the entrypoint specified here?
| RUN chmod +x /exit_0_with_vulns.sh | ||
|
|
||
| # Create a script to handle architecture detection and binary download | ||
| RUN echo '#!/bin/bash \n\ |
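Review bot: `RUN chmod +x /exit_0_with_vulns.sh` can be folded into the preceding `COPY` with `COPY --chmod=755` under BuildKit, saving a layer. Generating a second script through `RUN echo '#!/bin/bash \n\ ...'` is fragile: whether `\n` is expanded depends on which `echo` the `/bin/sh -c` shell provides, and every quote and backslash in the script body has to be escaped for both the Dockerfile and the shell; put the script in the build context and `COPY` it like `entrypoint.sh`, or use a BuildKit heredoc (`RUN <<'EOF' ... EOF`).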
Not sure why we need this bit
| @@ -0,0 +1,154 @@ | |||
| # Start with a base image | |||
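Review bot: the `@@ -0,0 +1,154 @@` header shows 154 new lines to assemble a base image for a CLI that Snyk already publishes as container images; if the custom build is kept, pin the base image by digest and pin the downloaded Snyk CLI version so the SBOM step is reproducible and the image itself can be scanned and audited.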
Is there a ready image for this? It looks a little overkill to have to bake this.
| @@ -0,0 +1,5 @@ | |||
| description: Snyk based workflow | |||
Did you test this bit?
No description provided.