diff --git a/.circleci/test-deploy.yml b/.circleci/test-deploy.yml index 35fde63..90e2f33 100644 --- a/.circleci/test-deploy.yml +++ b/.circleci/test-deploy.yml @@ -13,6 +13,9 @@ commands: scan: description: test the scan functionality parameters: + os: + type: string + default: 'linux' fail-on-issues: type: boolean default: false @@ -49,6 +52,7 @@ commands: - snyk/scan: target-file: nodejs-goof/package.json + os: << parameters.os >> fail-on-issues: << parameters.fail-on-issues >> monitor-on-build: << parameters.monitor-on-build >> no-cache: << parameters.no-cache >> @@ -163,6 +167,27 @@ jobs: - scan: no-cache: true + scan-test-os-specified: + docker: + - image: cimg/base:current + parameters: + resource_class: + type: string + resource_class: << parameters.resource_class >> + steps: + - when: + condition: + equal: [ arm.medium, << parameters.resource_class >> ] + steps: + - scan: + os: "linux-arm64" + - when: + condition: + equal: [ medium, << parameters.resource_class >> ] + steps: + - scan: + os: "linux" + scan-test-monitor-additional-arguments: docker: - image: cimg/base:current @@ -207,6 +232,14 @@ workflows: - hammerhead-snyk-orb-snyk-creds filters: *filters + - scan-test-os-specified: + matrix: + parameters: + resource_class: ["medium", "arm.medium"] + context: + - hammerhead-snyk-orb-snyk-creds + filters: *filters + - scan-test-old-curl-no-cache: context: - hammerhead-snyk-orb-snyk-creds diff --git a/README.md b/README.md index 51047cb..e217b31 100644 --- a/README.md +++ b/README.md @@ -95,24 +95,24 @@ jobs: Full reference docs https://circleci.com/orbs/registry/orb/snyk/snyk -| Parameter | Description | Required | Default | Type | -|------------------------------|----------------------------------------------------------------------------------------------------------------------------------------|----------|------------|--------------------------------| -| command | The CLI command (i.e. "test", "iac test") to execute | no | test | string | -| monitor-command | The CLI monitor command (i.e. "monitor", "container monitor") to execute | no | monitor | string | -| token-variable | Name of env var containing your Snyk API token | no | SNYK_TOKEN | env_var_name | -| severity-threshold | Only report vulnerabilities of provided level or higher (low/medium/high/critical) | no | low | low \| med \| high \| critical | -| fail-on-issues | This specifies if builds should be failed or continued based on issues found by Snyk | no | true | boolean | -| monitor-on-build | Take a current application dependencies snapshot for continuous monitoring by Snyk, if test was succesful | no | true | boolean | -| target-file | The path to the manifest file to be used by Snyk. Should be provided if non-standard | no | - | string | -| docker-image-name | The image name, if scanning a container image | no | - | string | -| organization | The Snyk Organization ID (see Organization-level Settings tab in the Snyk UI) under which this project should be tested and monitored. | no | - | string | -| project | A custom name for the Snyk project to be created on snyk.io | no | - | string | -| additional-arguments | Refer to the Snyk CLI help page for information on additional arguments. These are passed to all `snyk` commands. | no | - | string | -| additional-monitor-arguments | Refer to the Snyk CLI help page for information on additional arguments. These are passed to `snyk monitor`. | no | - | string | -| os | The CLI OS version to download | no | linux | linux \| macos \| alpine | -| install-alpine-dependencies | For the alpine CLI, should extenral dependencies be installed | no | true | boolean | -| no-output-timeout | Elapsed time the command can run without output. The default is 10 minutes | no | 10m | string | -| no-cache | Disable caching the Snyk CLI | no | false | boolean | +| Parameter | Description | Required | Default | Type | +|------------------------------|----------------------------------------------------------------------------------------------------------------------------------------|----------|------------|-----------------------------------------| +| command | The CLI command (i.e. "test", "iac test") to execute | no | test | string | +| monitor-command | The CLI monitor command (i.e. "monitor", "container monitor") to execute | no | monitor | string | +| token-variable | Name of env var containing your Snyk API token | no | SNYK_TOKEN | env_var_name | +| severity-threshold | Only report vulnerabilities of provided level or higher (low/medium/high/critical) | no | low | low \| med \| high \| critical | +| fail-on-issues | This specifies if builds should be failed or continued based on issues found by Snyk | no | true | boolean | +| monitor-on-build | Take a current application dependencies snapshot for continuous monitoring by Snyk, if test was succesful | no | true | boolean | +| target-file | The path to the manifest file to be used by Snyk. Should be provided if non-standard | no | - | string | +| docker-image-name | The image name, if scanning a container image | no | - | string | +| organization | The Snyk Organization ID (see Organization-level Settings tab in the Snyk UI) under which this project should be tested and monitored. | no | - | string | +| project | A custom name for the Snyk project to be created on snyk.io | no | - | string | +| additional-arguments | Refer to the Snyk CLI help page for information on additional arguments. These are passed to all `snyk` commands. | no | - | string | +| additional-monitor-arguments | Refer to the Snyk CLI help page for information on additional arguments. These are passed to `snyk monitor`. | no | - | string | +| os | The CLI OS version to download | no | linux | linux \| linux-arm64 \| macos \| alpine | +| install-alpine-dependencies | For the alpine CLI, should extenral dependencies be installed | no | true | boolean | +| no-output-timeout | Elapsed time the command can run without output. The default is 10 minutes | no | 10m | string | +| no-cache | Disable caching the Snyk CLI | no | false | boolean | ## Screenshots diff --git a/src/commands/install.yml b/src/commands/install.yml index 126296c..97be973 100644 --- a/src/commands/install.yml +++ b/src/commands/install.yml @@ -20,7 +20,7 @@ parameters: os: description: The CLI OS version to download type: enum - enum: ["linux", "macos", "alpine"] + enum: ["linux", "macos", "alpine", "linux-arm64"] default: "linux" install-alpine-dependencies: description: Install additional dependencies required by the alpine cli diff --git a/src/commands/scan.yml b/src/commands/scan.yml index 8d4c338..71b47e6 100644 --- a/src/commands/scan.yml +++ b/src/commands/scan.yml @@ -71,7 +71,7 @@ parameters: os: description: The CLI OS version to download type: enum - enum: ["linux", "macos", "alpine"] + enum: ["linux", "macos", "alpine", "linux-arm64"] default: "linux" install-alpine-dependencies: description: Install additional dependencies required by the alpine cli