From 53949dc5cd5c5a816835dbc659af02d22087cd84 Mon Sep 17 00:00:00 2001
From: Trevor Whitney
Date: Mon, 30 Oct 2023 14:49:31 -0600
Subject: [PATCH] add scan-vulnerabilities make target (#10971)

**What this PR does / why we need it**: Adds a make file target for running both trivy and snyk to scan our images for vulnerabilities during/before releases.
---
 .gitignore | 3 +++
 Makefile | 10 ++++++++++
 2 files changed, 13 insertions(+)

diff --git a/.gitignore b/.gitignore
index ef9a59d5e5c26..66eb0a8cefeb2 100644
--- a/.gitignore
+++ b/.gitignore
@@ -51,3 +51,6 @@ pkg/loki/wal
 
 # nix
 nix/result
+
+# snyk
+.dccache
diff --git a/Makefile b/Makefile
index 2ef80687e7a13..dace8181353f3 100644
--- a/Makefile
+++ b/Makefile
@@ -831,5 +831,15 @@ dev-k3d-down:
 $(MAKE) -C $(CURDIR)/tools/dev/k3d down
 
 # Trivy is used to scan images for vulnerabilities
+.PHONY: trivy
 trivy: loki-image
 trivy i $(IMAGE_PREFIX)/loki:$(IMAGE_TAG)
+
+# Synk is also used to scan for vulnerabilities, and detects things that trivy might miss
+.PHONY: snyk
+snyk: loki-image
+ snyk container test $(IMAGE_PREFIX)/loki:$(IMAGE_TAG)
+ snyk code test
+
+.PHONY: scan-vulnerabilities
+scan-vulnerabilities: trivy snyk
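Review bot: The new `scan-vulnerabilities` target will not fail on trivy findings, because the `trivy i $(IMAGE_PREFIX)/loki:$(IMAGE_TAG)` recipe it depends on runs without `--exit-code`, and trivy exits 0 by default even when it reports vulnerabilities. If the target is meant as a pre-release check, as the description suggests, consider `trivy i --exit-code 1 --severity HIGH,CRITICAL $(IMAGE_PREFIX)/loki:$(IMAGE_TAG)`, with the severity threshold adjusted to the project's policy. The new `snyk` recipe has the opposite problem: `snyk container test` exits non-zero on findings, so make stops there and `snyk code test` never runs in the same invocation. Splitting the two commands into separate targets, for example `snyk-container` and `snyk-code`, and running `make -k scan-vulnerabilities` would report every scanner's result. The comment above `.PHONY: snyk` also spells the tool "Synk".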