Some kind folks who are security experts have recommended setting up Snyk Container to scan for potential vulnerabilities in the container images built from our repos, which may include (but are not limited to) the following:
OpenDRR/opendrr-api
OpenDRR/pygeoapi
OpenDRR/python-env
OpenDRR/riskprofiler (OpenDRR/riskprofiler-cms)
To get started, e.g. for OpenDRR/python-env, we go to Security → Code scanning alerts → Snyk Container and see a GitHub workflow template, which contains the following instruction:
# In order to use the Snyk Action you will need to have a Snyk API token.
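A complete workflow of the shape that template produces, added here as an illustration rather than copied from the OpenDRR repos: it builds the image from the repository's Dockerfile, runs the Snyk Container action against it, and uploads the SARIF results so they appear under Security → Code scanning alerts. The repository secret name `SNYK_TOKEN`, the image tag `opendrr/python-env:ci`, the `main` branch name and the file path `.github/workflows/snyk-container.yml` are assumptions for this example; the token itself must be created in the Snyk account and stored as a repository secret, never committed to the workflow.

```yaml
# .github/workflows/snyk-container.yml (assumed path for this example)
name: Snyk Container

on:
  push:
    branches: [ main ]
  pull_request:
    branches: [ main ]

jobs:
  snyk-container:
    runs-on: ubuntu-latest
    # Only the permissions the job needs: read the repo, write code-scanning alerts.
    permissions:
      contents: read
      security-events: write
    steps:
      - uses: actions/checkout@v3

      # Build the image locally so the scan covers exactly what this commit produces.
      - name: Build the container image
        run: docker build -t opendrr/python-env:ci .   # image tag is an assumption

      # continue-on-error lets the SARIF upload step run even when Snyk finds
      # issues and exits non-zero; the findings still surface as alerts.
      - name: Scan the image with Snyk Container
        continue-on-error: true
        uses: snyk/actions/docker@master
        env:
          # Snyk API token stored as a GitHub repository secret (assumed name).
          SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
        with:
          image: opendrr/python-env:ci
          # Passing the Dockerfile lets Snyk attribute findings to the base image
          # versus layers added by the build, and suggest base-image upgrades.
          args: --file=Dockerfile --severity-threshold=high

      # The Snyk docker action writes snyk.sarif; upload it to GitHub code scanning.
      - name: Upload results to GitHub Code Scanning
        uses: github/codeql-action/upload-sarif@v2
        with:
          sarif_file: snyk.sarif
```

`--severity-threshold=high` keeps the alert list focused on the findings worth acting on first; drop it to see everything Snyk reports. Because the token is read from `secrets.SNYK_TOKEN`, a pull request from a fork will not have access to it and the scan step will fail there; that is the expected behaviour for a secret-bearing workflow.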
Some resources for getting started:
Trivia: Snyk is short for 'So Now You Know'; see [https://support.snyk.io/hc/en-us/articles/360000890358-How-do-you-pronounce-Snyk- How do you pronounce Snyk? – Support Portal | Snyk]
Note there are also the following container scanners available on GitHub:
Maybe we could set them all up for comparison? :grin: