Newpull

.github/workflows/snyk-security.yml

@@ -0,0 +1,43 @@
+name: Example workflow for Python using Snyk
+on: push
+
+jobs:
+  security:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v2
+      - name: Run Snyk to check for vulnerabilities
+        uses: snyk/actions/python@master
+        continue-on-error: true
+        env:
+          SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
+        with:
+          command: code test
+          args: --sarif-file-output=snyk.sarif
+      - name: Count total number of vulnerabilities
+        id: count_vulns
+        run: |
+          RESULTS_LENGTH=$(jq '.runs[0].results | length' snyk.sarif)
+          echo "RESULTS_LENGTH=$RESULTS_LENGTH" >> $GITHUB_ENV
+          echo "::set-output name=results_length::$RESULTS_LENGTH"
+      - name: Pass_or_Fail_the_job
+        run: |
+          if [ "$RESULTS_LENGTH" -ne 0 ]; then
+            echo "Job Failed"
+            exit 1
+          else
+            echo "Pass"
+          fi
+
+  notify:
+    runs-on: ubuntu-latest
+    needs: [security]
+    if: always()
+    steps:
+      - name: Send notification to Microsoft Teams
+        run: |
+          curl -H 'Content-Type: application/json' -d '{
+            "text": "**The Snyk scan result for repo is:** '"${{ needs.security.result }}"'",
+            "**Number of vulnerabilities:** '"${{ needs.security.outputs.count_vulns.results_length }}"'",
+            "**Detail:** https://github.com/'"${{ github.repository }}"'/actions/runs/'"${{ github.run_id }}"'"
+          }' ${{ secrets.TEAMS_WEBHOOK_URL }}

Dockerfile

@@ -1,4 +1,4 @@
-FROM ubuntu:16.04
+FROM ubuntu:xenial-20210416
 RUN apt-get update && apt-get install -y python python-pip
 RUN pip install flask
 COPY app.py /opt/