Snyk

Snyk CLI scans and monitors your projects for security vulnerabilities.

🚀 Usage

Add the following command to your CI configuration file:

fluentci run --wasm snyk iac test --severity-threshold=medium

Commands

Name	Description
setup	Install Snyk
test	Scan vulnerabilities in your codebase
iac test	Scan vulnerabilities in your infrastructure as code
code test	Find security issue using static code analysis
sbom	Generate or test an SBOM document in ecosystems supported by Snyk
log4shell	Scan for Log4Shell vulnerability
container	Scan container images for vulnerabilities and generate an SBOM for a container image

Code examples

Add fluentci-pdk crate to your Cargo.toml:

[dependencies]
fluentci-pdk = "0.2.1"

Use the following code to call a module function:

use fluentci_pdk::dag;

// ...

dag().call(
  "https://pkg.fluentci.io/[email protected]?wasm=1",
  "iac",
  vec!["test", "--severity-threshold=medium"],
);

CI/CD Integration

The following example shows how to integrate FluentCI with popular CI providers to scan vulnerabilities using Snyk:

Github Actions
GitLab CI
Circle CI
Azure Pipelines
AWS CodePipeline

ci.yml
name: ci
on:
  push:
    branches:
      - main
jobs:
  tasks:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v2
      - name: Setup Fluent CI
        uses: fluentci-io/setup-fluentci@v5
        with:
          wasm: true
          plugin: snyk
          args: |
            iac test --severity-threshold=medium
        env:
          SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
      

.gitlab-ci.yml

.docker:
  image: denoland/deno:debian-1.42.4
  services:
    - docker:${DOCKER_VERSION}-dind
  variables:
    DOCKER_HOST: tcp://docker:2376
    DOCKER_TLS_VERIFY: "1"
    DOCKER_TLS_CERTDIR: /certs
    DOCKER_CERT_PATH: /certs/client
    DOCKER_DRIVER: overlay2
    DOCKER_VERSION: 20.10.16
    GITLAB_ACCESS_TOKEN: $GITLAB_ACCESS_TOKEN
    SNYK_TOKEN: $SNYK_TOKEN
.fluentci:
  extends: .docker
  before_script:
    - apt-get update
    - apt-get install -y curl tar gzip ca-certificates openssl git unzip libncursesw6
    - deno install -A -r https://cli.fluentci.io -n fluentci
    - fluentci --version
    - curl -L https://dl.dagger.io/dagger/install.sh | DAGGER_VERSION=0.12.3 sh
    - mv bin/dagger /usr/local/bin
    - dagger version
scan:
  extends: .fluentci
  script:
    - fluentci run --wasm snyk iac test --severity-threshold=medium

.circleci/config.yml
version: 2.1
jobs:
  job:
    steps:
      - checkout
      - run: |
          sudo apt-get update && sudo apt-get install -y curl unzip
          curl -fsSL https://cli.fluentci.io | bash
          fluentci --version
        name: Setup FluentCI
      - run: fluentci run --wasm snyk iac test --severity-threshold=medium
        name: scan vulnerabilities
    machine:
      image: ubuntu-2004:2023.07.1
workflows:
  fluentci:
    jobs:
      - job

azure-pipelines.yml
trigger:
  - main
pool:
  vmImage: ubuntu-latest
steps:
  - script: |
      curl -fsSL https://cli.fluentci.io | bash
      fluentci --version
      echo "##vso[task.prependpath]${HOME}/.deno/bin
    displayName: Setup FluentCI
  - script: |
      fluentci run --wasm snyk iac test --severity-threshold=medium
    displayName: scan vulnerabilities

buildspec.yml
version: 0.2
phases:
  install:
    commands:
      - curl -fsSL https://cli.fluentci.io | bash
      - fluentci --version
  build:
    commands:
      - fluentci run --wasm snyk iac test --severity-threshold=medium
  post_build:
    commands:
      - echo Build completed on `date`

🚀 Usage​

Commands​

Code examples​

CI/CD Integration​

🚀 Usage

Commands

Code examples

CI/CD Integration