Merge pull request #73 from cyber-dojo/update-snyk-file-106

Update .snyk file to ignore two new low level vulnerabilities

.github/workflows/force-ci-run

@@ -1,2 +1,2 @@
 Edit this file for a quick way to force a CI run
-105
+106

.snyk

@@ -1,3 +1,15 @@
 # This file specifies snyk vulnerabilities to be ignored.
 # If this file contains only comments, then no vulnerabilities are ignored
 # but do not delete this file - it is needed for the live-snyk-scans repo workflows.
+ignore:
+  SNYK-GOLANG-GITHUBCOMGOLANGJWTJWTV4-8341242:
+    - '*':
+        reason: No fix available
+        expires: 2025-01-08T10:03:36.581Z
+        created: 2024-11-08T10:03:36.589Z
+  SNYK-ALPINE320-CURL-8348469:
+    - '*':
+        reason: No fix available
+        expires: 2025-01-08T10:03:36.581Z
+        created: 2024-11-08T10:03:36.589Z
+patch: {}

bin/snyk_container_scan.sh

@@ -0,0 +1,14 @@
+#!/usr/bin/env bash
+set -Eeu
+
+export ROOT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")/.." && pwd)"
+source "${ROOT_DIR}/bin/lib.sh"
+export $(echo_versioner_env_vars)
+
+readonly IMAGE_NAME="${CYBER_DOJO_RUNNER_IMAGE}:${CYBER_DOJO_RUNNER_TAG}"
+
+snyk container test "${IMAGE_NAME}" \
+  --file="${ROOT_DIR}/Dockerfile" \
+  --sarif \
+  --sarif-file-output="${ROOT_DIR}/snyk.container.scan.json" \
+  --policy-path="${ROOT_DIR}/.snyk"

test/lib/run.sh

@@ -2,7 +2,7 @@
 
 readonly MY_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
 export COVERAGE_ROOT="${1}" # eg /tmp/coverage
-readonly TEST_LOG="${2}"    # eg testlog
+readonly TEST_LOG="${2}"    # eg test.log
 readonly TYPE="${3}"        # eg client|server
 shift; shift; shift