github.com/argoproj/argo-cd/v2@v2.10.9/hack/snyk-container-tests.sh

github.com/argoproj/argo-cd/v2@v2.10.9/hack/snyk-container-tests.sh (about)

     1  #!/usr/bin/env bash
     2  
     3  set -e
     4  set -o pipefail
     5  
     6  images=$(grep 'image: ' manifests/install.yaml manifests/namespace-install.yaml manifests/ha/install.yaml | sed 's/.*image: //' | sort | uniq)
     7  
     8  failed=false
     9  while IFS= read -r image; do
    10    extra_args=""
    11    if echo "$image" | grep "argocd"; then
    12      # Pass the file arg only for the Argo CD image. The file arg also gives us access to sarif output.
    13      extra_args="--file=Dockerfile --sarif-file-output=/tmp/argocd-image.sarif"
    14    fi
    15  
    16    set -x
    17    if ! snyk container test "$image" --org=argoproj --severity-threshold=high $extra_args; then
    18      failed=true
    19    fi
    20    set +x
    21  
    22  done <<< "$images"
    23  
    24  if [ "$failed" == "true" ]; then
    25    exit 1
    26  fi