argo-cd/hack/snyk-container-tests.sh
Michael Crenshaw e3940cd2bf
chore: add Snyk scans to docs (#9856)
* chore: generate Snyk reports

Signed-off-by: Michael Crenshaw <michael@crenshaw.dev>

sarif

Signed-off-by: Michael Crenshaw <michael@crenshaw.dev>

dashboard

Signed-off-by: Michael Crenshaw <michael@crenshaw.dev>

cron job

Signed-off-by: Michael Crenshaw <michael@crenshaw.dev>

more consistent formatting

Signed-off-by: Michael Crenshaw <michael@crenshaw.dev>

clarification

Signed-off-by: Michael Crenshaw <michael@crenshaw.dev>

sarif files

Signed-off-by: Michael Crenshaw <michael@crenshaw.dev>

fix naming, fix doc get text

Signed-off-by: Michael Crenshaw <michael@crenshaw.dev>

apply suggestions

Signed-off-by: Michael Crenshaw <michael@crenshaw.dev>

apply suggestions

Signed-off-by: Michael Crenshaw <michael@crenshaw.dev>

blarn

Signed-off-by: CI <michael@crenshaw.dev>

ignore errors due to vulns

Signed-off-by: CI <michael@crenshaw.dev>

specify target branch in script

Signed-off-by: CI <michael@crenshaw.dev>

don't checkout before running script

Signed-off-by: CI <michael@crenshaw.dev>

make sure dest dir exists

Signed-off-by: CI <michael@crenshaw.dev>

fix workflow

Signed-off-by: CI <michael@crenshaw.dev>

* update scans

Signed-off-by: CI <michael@crenshaw.dev>

* update reports

Signed-off-by: CI <michael@crenshaw.dev>

* use latest ignore rules

Signed-off-by: CI <michael@crenshaw.dev>

* update reports

Signed-off-by: CI <michael@crenshaw.dev>

* update reports

Signed-off-by: CI <michael@crenshaw.dev>

* update reports, add link to latest, push to master instead of stable

Signed-off-by: CI <michael@crenshaw.dev>

* fix for double-digit patch versions

Signed-off-by: CI <michael@crenshaw.dev>

* clean up testing changes

Signed-off-by: CI <michael@crenshaw.dev>
2022-07-27 21:15:00 +00:00

26 lines
676 B
Bash
Executable file

#!/usr/bin/env bash
set -e
set -o pipefail

# Collect the unique set of container images referenced by the install manifests.
images=$(grep 'image: ' manifests/install.yaml manifests/namespace-install.yaml manifests/ha/install.yaml | sed 's/.*image: //' | sort | uniq)

failed=false
while IFS= read -r image; do
  # Build the optional arguments as an array so each one is passed as a separate word.
  extra_args=()
  if [[ "$image" == *argocd* ]]; then
    # Pass the file arg only for the Argo CD image. The file arg also gives us access to sarif output.
    extra_args=(--file=Dockerfile --sarif-file-output=/tmp/argocd-image.sarif)
  fi

  set -x
  # Record a non-zero exit but keep going, so every image is scanned before the script exits.
  if ! snyk container test "$image" --org=argoproj --severity-threshold=high "${extra_args[@]}"; then
    failed=true
  fi
  set +x
done <<< "$images"

# Fail the run if any scan returned non-zero.
if [ "$failed" = "true" ]; then
  exit 1
fi