From ec5e3741e8cb98a991fb32b1fad47e45f650619d Mon Sep 17 00:00:00 2001 From: nelsonic Date: Sat, 16 Oct 2021 21:47:27 +0100 Subject: [PATCH 1/4] move Snyk instructions to its only file as it has *many* steps --- README.md | 85 +-------------------------------------- snyk-security-scanning.md | 82 +++++++++++++++++++++++++++++++++++++ 2 files changed, 84 insertions(+), 83 deletions(-) create mode 100644 snyk-security-scanning.md diff --git a/README.md b/README.md index 01b94e0..d12d183 100644 --- a/README.md +++ b/README.md 
@@ -215,89 +215,8 @@ page views are a good metric to be aware of!_ :chart_with_upwards_trend: ### Snyk _Proactive_ Security Vulnerability Detection -1. Visit: https://snyk.io - -![01-snyk-home-page](https://user-images.githubusercontent.com/194400/49246105-0c6c2900-f40c-11e8-9ff1-824c1f327626.png) - -2. Click the "Signup with GitHub" button/link: - -![02-snyk-signup](https://user-images.githubusercontent.com/194400/49246107-0c6c2900-f40c-11e8-8004-ae31a2369090.png) - -3. Click the button to "Athorise Snyk": - -![03-snyk-authorise](https://user-images.githubusercontent.com/194400/49246108-0c6c2900-f40c-11e8-82e9-deea841fe6bf.png) - -4. Click to "Connect with GitHub": - -![04-snyk-integrations-select-github](https://user-images.githubusercontent.com/194400/49246110-0d04bf80-f40c-11e8-9729-9aa52fd7965e.png) - -5. _Again_ click "Connect with GitHub": - -![05-connect-to-github](https://user-images.githubusercontent.com/194400/49246112-0d04bf80-f40c-11e8-88b2-ef608def7cb0.png) - -6. By default Snyk requests access to both **`public`** and **`private`** repos, -Select whatever is relevant to you and continue: - -![06-snyk-wants-private-repos-by-default](https://user-images.githubusercontent.com/194400/49246113-0d04bf80-f40c-11e8-9766-2c3cf6f4938a.png) - -7. I selected _only_ **`public`** repositories as I _always_ follow the ["principle of least privilege"](https://github.com/dwyl/learn-security#principle-of-least-privilege): - -![07-snyk-select-public-repos-only](https://user-images.githubusercontent.com/194400/49246115-0d04bf80-f40c-11e8-9a8a-ca322d79cea1.png) - -8. Confirm the access that Snyk is requesting: - -![08-snyk-authorise](https://user-images.githubusercontent.com/194400/49246117-0d9d5600-f40c-11e8-825f-1bdab8ac318c.png) - -9. Connect to Snyk to a GitHub Repository: - -![09-snyk-connect-to-github-repo](https://user-images.githubusercontent.com/194400/49246118-0d9d5600-f40c-11e8-9898-0ccbc2041279.png) - -10. 
Select the desired repository: (_in this case [`hapi-auth-jwt2`](https://github.com/dwyl/hapi-auth-jwt2) ..._) - -![10-snyk-select-desired-repo](https://user-images.githubusercontent.com/194400/49246119-0d9d5600-f40c-11e8-9820-1cea4e45f90a.png) - -11. Add selected repo: - -![11-snyk-add-1-selected-repository](https://user-images.githubusercontent.com/194400/49246121-0d9d5600-f40c-11e8-81bb-d7eb283a2f0f.png) - -12. Wait for the repo to be imported by Snyk: - -![12-snyk-importing](https://user-images.githubusercontent.com/194400/49246122-0d9d5600-f40c-11e8-91a2-e0bb28439f83.png) - -13. Once the repo has finished importing, refresh the page to see your dashboard: - -![13-snyk-finished-securing](https://user-images.githubusercontent.com/194400/49246123-0e35ec80-f40c-11e8-9d5b-e73abe619ae7.png) - -14. From the Snyk dashboard. Click on the project you want to view: - -![14-snyk-dashboard-projects](https://user-images.githubusercontent.com/194400/49246124-0e35ec80-f40c-11e8-87fb-3c15615ebef8.png) - -15. 
Copy the Snyk "Badge" for inclusion in your project: - -![15-snyk-project-page](https://user-images.githubusercontent.com/194400/49246125-0e35ec80-f40c-11e8-8347-6030901931da.png) - - -Badge Format: -``` -[![Known Vulnerabilities](https://snyk.io/test/github/{username}/{repo}/badge.svg)](https://snyk.io/test/github/{username}/{repo}) - -``` - -Official Badge: [![Known Vulnerabilities](https://snyk.io/test/github/dwyl/hapi-auth-jwt2/badge.svg?targetFile=package.json)](https://snyk.io/test/github/dwyl/hapi-auth-jwt2?targetFile=package.json) -``` -[![Known Vulnerabilities](https://snyk.io/test/github/dwyl/hapi-auth-jwt2/badge.svg?targetFile=package.json)](https://snyk.io/test/github/dwyl/hapi-auth-jwt2?targetFile=package.json) -```` - -Flat Square: [![Known Vulnerabilities](https://snyk.io/test/github/dwyl/hapi-auth-jwt2/badge.svg?targetFile=package.json&style=flat-square)](https://snyk.io/test/github/dwyl/hapi-auth-jwt2?targetFile=package.json) -``` -[![Known Vulnerabilities](https://snyk.io/test/github/dwyl/hapi-auth-jwt2/badge.svg?targetFile=package.json&style=flat-square)](https://snyk.io/test/github/dwyl/hapi-auth-jwt2?targetFile=package.json) -``` - -> Note: _just_ having a 3rd party service telling you there aren't any ***know vulnerabilities*** -does ***not guarantee*** that your app is "_secure_"! You still need to write -good code that escapes all input and follows "best practice"! -But the `snyk` badge & service is a _useful_ early warning system. - +See: +[snyk-security-scanning.md](https://github.com/dwyl/repo-badges/blob/main/snyk-security-scanning.md) # Thank _You_! diff --git a/snyk-security-scanning.md b/snyk-security-scanning.md new file mode 100644 index 0000000..36bf438 --- /dev/null +++ b/snyk-security-scanning.md 
@@ -0,0 +1,82 @@ +1. Visit: https://snyk.io + +![01-snyk-home-page](https://user-images.githubusercontent.com/194400/49246105-0c6c2900-f40c-11e8-9ff1-824c1f327626.png) + +2. Click the "Signup with GitHub" button/link: + +![02-snyk-signup](https://user-images.githubusercontent.com/194400/49246107-0c6c2900-f40c-11e8-8004-ae31a2369090.png) + +3. Click the button to "Athorise Snyk": + +![03-snyk-authorise](https://user-images.githubusercontent.com/194400/49246108-0c6c2900-f40c-11e8-82e9-deea841fe6bf.png) + +4. Click to "Connect with GitHub": + +![04-snyk-integrations-select-github](https://user-images.githubusercontent.com/194400/49246110-0d04bf80-f40c-11e8-9729-9aa52fd7965e.png) + +5. _Again_ click "Connect with GitHub": + +![05-connect-to-github](https://user-images.githubusercontent.com/194400/49246112-0d04bf80-f40c-11e8-88b2-ef608def7cb0.png) + +6. By default Snyk requests access to both **`public`** and **`private`** repos, +Select whatever is relevant to you and continue: + +![06-snyk-wants-private-repos-by-default](https://user-images.githubusercontent.com/194400/49246113-0d04bf80-f40c-11e8-9766-2c3cf6f4938a.png) + +7. I selected _only_ **`public`** repositories as I _always_ follow the ["principle of least privilege"](https://github.com/dwyl/learn-security#principle-of-least-privilege): + +![07-snyk-select-public-repos-only](https://user-images.githubusercontent.com/194400/49246115-0d04bf80-f40c-11e8-9a8a-ca322d79cea1.png) + +8. Confirm the access that Snyk is requesting: + +![08-snyk-authorise](https://user-images.githubusercontent.com/194400/49246117-0d9d5600-f40c-11e8-825f-1bdab8ac318c.png) + +9. Connect to Snyk to a GitHub Repository: + +![09-snyk-connect-to-github-repo](https://user-images.githubusercontent.com/194400/49246118-0d9d5600-f40c-11e8-9898-0ccbc2041279.png) + +10. 
Select the desired repository: (_in this case [`hapi-auth-jwt2`](https://github.com/dwyl/hapi-auth-jwt2) ..._) + +![10-snyk-select-desired-repo](https://user-images.githubusercontent.com/194400/49246119-0d9d5600-f40c-11e8-9820-1cea4e45f90a.png) + +11. Add selected repo: + +![11-snyk-add-1-selected-repository](https://user-images.githubusercontent.com/194400/49246121-0d9d5600-f40c-11e8-81bb-d7eb283a2f0f.png) + +12. Wait for the repo to be imported by Snyk: + +![12-snyk-importing](https://user-images.githubusercontent.com/194400/49246122-0d9d5600-f40c-11e8-91a2-e0bb28439f83.png) + +13. Once the repo has finished importing, refresh the page to see your dashboard: + +![13-snyk-finished-securing](https://user-images.githubusercontent.com/194400/49246123-0e35ec80-f40c-11e8-9d5b-e73abe619ae7.png) + +14. From the Snyk dashboard. Click on the project you want to view: + +![14-snyk-dashboard-projects](https://user-images.githubusercontent.com/194400/49246124-0e35ec80-f40c-11e8-87fb-3c15615ebef8.png) + +15. 
Copy the Snyk "Badge" for inclusion in your project: + +![15-snyk-project-page](https://user-images.githubusercontent.com/194400/49246125-0e35ec80-f40c-11e8-8347-6030901931da.png) + + +Badge Format: +``` +[![Known Vulnerabilities](https://snyk.io/test/github/{username}/{repo}/badge.svg)](https://snyk.io/test/github/{username}/{repo}) + +``` + +Official Badge: [![Known Vulnerabilities](https://snyk.io/test/github/dwyl/hapi-auth-jwt2/badge.svg?targetFile=package.json)](https://snyk.io/test/github/dwyl/hapi-auth-jwt2?targetFile=package.json) +``` +[![Known Vulnerabilities](https://snyk.io/test/github/dwyl/hapi-auth-jwt2/badge.svg?targetFile=package.json)](https://snyk.io/test/github/dwyl/hapi-auth-jwt2?targetFile=package.json) +```` + +Flat Square: [![Known Vulnerabilities](https://snyk.io/test/github/dwyl/hapi-auth-jwt2/badge.svg?targetFile=package.json&style=flat-square)](https://snyk.io/test/github/dwyl/hapi-auth-jwt2?targetFile=package.json) +``` +[![Known Vulnerabilities](https://snyk.io/test/github/dwyl/hapi-auth-jwt2/badge.svg?targetFile=package.json&style=flat-square)](https://snyk.io/test/github/dwyl/hapi-auth-jwt2?targetFile=package.json) +``` + +> Note: _just_ having a 3rd party service telling you there aren't any ***know vulnerabilities*** +does ***not guarantee*** that your app is "_secure_"! You still need to write +good code that escapes all input and follows "best practice"! +But the `snyk` badge & service is a _useful_ early warning system. \ No newline at end of file From 3ef81fa2d54c335a6d071b5e6323da82d037d985 Mon Sep 17 00:00:00 2001 From: nelsonic Date: Sat, 16 Oct 2021 22:01:08 +0100 Subject: [PATCH 2/4] Add instructions/examples for GitHub Actions/Workflow fixex #45 --- README.md | 46 +++++++++++++++++++++++++++++++++++++++++----- 1 file changed, 41 insertions(+), 5 deletions(-) diff --git a/README.md b/README.md index d12d183..693d609 100644 --- a/README.md +++ b/README.md 
@@ -1,5 +1,9 @@ -Code Repository Badges ![build passing](https://raw.githubusercontent.com/dwyl/repo-badges/master/highresPNGs/build-passing.png) -=========== +
+ +# Code Repository Badges +![build passing](https://raw.githubusercontent.com/dwyl/repo-badges/master/highresPNGs/build-passing.png) + +
## Why? [![start with why](https://img.shields.io/badge/start%20with-why%3F-brightgreen.svg?style=flat)](http://www.ted.com/talks/simon_sinek_how_great_leaders_inspire_action) @@ -80,14 +84,46 @@ Then you can copy the badge directly from the resulting page. e.g: [![Inline docs](http://inch-ci.org/github/{ORG-or-USERNAME}/{REPO-NAME}.svg?branch=master)](http://inch-ci.org/github/{ORG-or-USERNAME}/{REPO-NAME}) ``` -### Build Passing [![Build Status](https://travis-ci.org/dwyl/esta.svg?branch=master)](https://travis-ci.org/) +## Build Passing [![Build Status](https://travis-ci.org/dwyl/esta.svg?branch=master)](https://travis-ci.org/) -```md -[![Build Status](https://travis-ci.org/{ORG-or-USERNAME}/{REPO-NAME}.png?branch=master)](https://travis-ci.org/{ORG-or-USERNAME}/{REPO-NAME}) +### GitHub Actions/Workflows + +If you are using GitHub Actions/Workflows +https://github.com/features/actions +to run your Continuous Integration (CI), +then you can include a badge in your project's `README.md` + +Regular badge template: +``` +![example workflow](https://github.com///actions/workflows//badge.svg) +``` +e.g: +``` +![GitHub CI](https://github.com/dwyl/auth_plug/actions/workflows/ci.yml/badge.svg) +``` + +![GitHub CI](https://github.com/dwyl/auth_plug/actions/workflows/ci.yml/badge.svg) + +Custom badge via Shields.io: https://shields.io/category/build +![image](https://user-images.githubusercontent.com/194400/137601498-5a5496dc-f610-4931-8fa6-45e9ef9cd051.png) + +Example: ``` +![GitHub Workflow Status](https://img.shields.io/github/workflow/status/dwyl/auth_plug/Elixir%20CI?label=build&style=flat-square) +``` +![GitHub Workflow Status](https://img.shields.io/github/workflow/status/dwyl/auth_plug/Elixir%20CI?label=build&style=flat-square) + +
+ +### Travis-CI You'll need to setup your project on [**Travis-CI**](https://github.com/dwyl/learn-travis) and write **unit tests** (*preferably TDD!*) for this to work ... if you're stuck ask us how! + +```md +[![Build Status](https://travis-ci.org/{ORG-or-USERNAME}/{REPO-NAME}.png?branch=master)](https://travis-ci.org/{ORG-or-USERNAME}/{REPO-NAME}) +``` + ### CodeClimate Setup your repository by adding it on code climate then copy the badge markdown from them! From faab453eace7fd5142286232bbe70863fd06437d Mon Sep 17 00:00:00 2001 From: nelsonic Date: Sat, 16 Oct 2021 22:05:54 +0100 Subject: [PATCH 3/4] comment out Inch-CI section see: https://github.com/dwyl/repo-badges/issues/47 --- README.md | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 693d609..69b5779 100644 --- a/README.md +++ b/README.md @@ -68,6 +68,7 @@ We use https://david-dm.org/ to track our dependencies. david-dm is lovingly mai ## How? + ## Build Passing [![Build Status](https://travis-ci.org/dwyl/esta.svg?branch=master)](https://travis-ci.org/) -### GitHub Actions/Workflows +### GitHub Actions/Workflows If you are using GitHub Actions/Workflows https://github.com/features/actions From c0fa88625206fc02113f2452e54d5e8146e5764e Mon Sep 17 00:00:00 2001 From: nelsonic Date: Sat, 16 Oct 2021 22:08:15 +0100 Subject: [PATCH 4/4] add direct link to GitHub Actions docs badges section for #45 --- README.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 69b5779..32b50f9 100644 --- a/README.md +++ b/README.md 
@@ -93,7 +93,8 @@ Then you can copy the badge directly from the resulting page. e.g: If you are using GitHub Actions/Workflows https://github.com/features/actions to run your Continuous Integration (CI), -then you can include a badge in your project's `README.md` +then you can include a badge in your project's `README.md`: +https://docs.github.com/en/actions/monitoring-and-troubleshooting-workflows/adding-a-workflow-status-badge Regular badge template: ```
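Review bot: on the README.md hunk of PATCH 1/4 (`@@ -215,89 +215,8 @@`), the replacement link `https://github.com/dwyl/repo-badges/blob/main/snyk-security-scanning.md` hard-codes the `main` branch, while the image URL kept in the title hunk of PATCH 2/4 still points at `raw.githubusercontent.com/dwyl/repo-badges/master/...`; if the default branch is `master` this link 404s, and an absolute URL also breaks in forks and on branches. A relative link, `[snyk-security-scanning.md](snyk-security-scanning.md)`, works in all of those cases.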
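Review bot: the new-file hunk of PATCH 1/4 (`@@ -0,0 +1,82 @@`) moves the text verbatim and carries its defects along, which is the moment to fix them: the "Official Badge" snippet closes with a four-backtick fence (````) instead of three, so the fences are unbalanced and the "Flat Square" snippet below it renders inside a code block; step 3 says "Athorise Snyk" (Authorise); step 9 reads "Connect to Snyk to a GitHub Repository" (drop the first "to"); the closing note says "know vulnerabilities" (known). The file also starts at step 1 with no title heading, so a reader following the README link lands on an unnamed list, and it ends without a trailing newline (`\ No newline at end of file`). Content-wise the two points worth keeping prominent are already there: step 7 (granting Snyk read access to public repositories only, per least privilege) and the closing note that a "no known vulnerabilities" badge is an early-warning signal, not an assurance that the application is secure.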
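Review bot: in the `@@ -80,14 +84,46 @@` hunk of PATCH 2/4 the "Regular badge template" line is broken: `![example workflow](https://github.com///actions/workflows//badge.svg)` has empty path segments where the owner, repository and workflow file should be (most likely angle-bracket placeholders that the Markdown renderer swallowed as HTML tags), so readers copying it get a badge URL with nothing to fill in. Use the brace placeholders this README already uses for Travis and Inch-CI, e.g. `![GitHub CI](https://github.com/{ORG-or-USERNAME}/{REPO-NAME}/actions/workflows/{WORKFLOW-FILE}/badge.svg)`, which survive rendering. Two documentation points in the same hunk: the Shields.io example is keyed by the workflow's display name (`Elixir%20CI`, i.e. the `name:` field of the YAML, URL-encoded) whereas the native badge is keyed by the file name (`ci.yml`); say so next to the example, or readers will paste the filename into the Shields URL. And the screenshot `![image](...)` should get a descriptive alt text instead of "image".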
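Review bot: the `@@ -68,6 +68,7 @@` hunk of PATCH 3/4 does not show what the subject says it does. As displayed, the only changes are an empty line added after `## How?` and the `### GitHub Actions/Workflows` heading replaced by an identical-looking line (a trailing-whitespace-only change). If the empty line is really an HTML comment opener that the renderer stripped, confirm that the matching `-->` closes it before `## Build Passing`, otherwise everything after it disappears from the rendered README. Since #47 tracks the Inch-CI removal and git history keeps the text, deleting the section outright is cleaner than shipping commented-out Markdown, and the whitespace-only heading change should be dropped from the commit.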
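Review bot: the `@@ -93,7 +93,8 @@` hunk of PATCH 4/4 drops the docs URL in as a bare link with no indication of what to look for there. One sentence of context would help, for instance that the linked page documents the `branch` and `event` query parameters of the badge URL; without `?branch=`, the badge reports the status of the default branch only, which is worth stating because the Travis template elsewhere in this README pins `?branch=master` and the Actions template does not.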