Snyk Node Task

A Tekton Task for using Snyk to check for vulnerabilities in your Node projects.

Installation

```sh
kubectl apply -f https://raw.githubusercontent.com/garethr/snyk-tekton/master/node/node.yaml
```

You'll also need to place your Snyk API token in a Kubernetes secret.

```sh
kubectl create secret generic snyk --from-literal=token=abcd1234
```

Usage

You can use the Task as follows:

```yaml
apiVersion: tekton.dev/v1beta1
kind: TaskRun
metadata:
  name: snyk-node-example
spec:
  taskRef:
    name: snyk-node
  workspaces:
  - name: source
    persistentVolumeClaim:
      claimName: my-source
```

The Snyk Node Task has parameters which are passed to the underlying image:

| Parameter | Default | Description |
| --- | --- | --- |
| args | | Override the default arguments to the Snyk image |
| commands | test | Specify which command to run, for instance test or monitor |
| snyk-secret | snyk | The name of the secret which stores the Snyk API token |

| Workspace | Description |
| --- | --- |
| source | A Tekton Workspace containing the source code to test |

For example, you can choose to only report on high severity vulnerabilities.

```yaml
apiVersion: tekton.dev/v1beta1
kind: TaskRun
metadata:
  name: snyk-node-example
spec:
  taskRef:
    name: snyk-node
  params:
  # args is a list; each item is passed as one argument to the Snyk image
  - name: args
    value:
    - --severity-threshold=high
  workspaces:
  - name: source
    persistentVolumeClaim:
      claimName: my-source
```
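
The three parameters from the table above can be combined in one TaskRun. The following is an added example, not taken from the project's README: it runs `monitor` instead of `test` and reads the token from a separately named secret. The secret name `snyk-ci`, the organisation slug `my-org` and the TaskRun name are placeholders, and `commands` is assumed to be a plain string parameter.

```yaml
# Added example (not from the project). Placeholder values: snyk-ci, my-org.
# The secret named below is expected to hold the API token under the key
# "token", the same key used in the Installation step, and to exist in the
# namespace where the TaskRun is created.
apiVersion: tekton.dev/v1beta1
kind: TaskRun
metadata:
  name: snyk-node-monitor
spec:
  taskRef:
    name: snyk-node
  params:
  # Run the monitor command instead of the default, test
  # (assumption: commands is a string parameter)
  - name: commands
    value: monitor
  # Read the token from a dedicated secret rather than the default "snyk"
  - name: snyk-secret
    value: snyk-ci
  # Extra arguments are given as a list, one flag per item
  - name: args
    value:
    - --org=my-org
  workspaces:
  - name: source
    persistentVolumeClaim:
      claimName: my-source
```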