From 0623a0b23f22238749172a7ae3afd481da91bd94 Mon Sep 17 00:00:00 2001
From: Peter Shen <xianpeng.shen@gmail.com>
Date: Sat, 6 Nov 2021 01:50:45 -0600
Subject: [PATCH 1/7] Create snyk-container-analysis.yml

---
 .github/workflows/snyk-container-analysis.yml | 43 +++++++++++++++++++
 1 file changed, 43 insertions(+)
 create mode 100644 .github/workflows/snyk-container-analysis.yml

diff --git a/.github/workflows/snyk-container-analysis.yml b/.github/workflows/snyk-container-analysis.yml
new file mode 100644
index 0000000..3a69988
--- /dev/null
+++ b/.github/workflows/snyk-container-analysis.yml
@@ -0,0 +1,43 @@
+# A sample workflow which checks out the code, builds a container
+# image using Docker and scans that image for vulnerabilities using
+# Snyk. The results are then uploaded to GitHub Security Code Scanning
+#
+# For more examples, including how to limit scans to only high-severity
+# issues, monitor images for newly disclosed vulnerabilities in Snyk and
+# fail PR checks for new vulnerabilities, see https://github.com/snyk/actions/
+
+name: Snyk Container
+
+on:
+  push:
+    branches: [ master ]
+  pull_request:
+    # The branches below must be a subset of the branches above
+    branches: [ master ]
+  schedule:
+    - cron: '33 18 * * 3'
+
+jobs:
+  snyk:
+    runs-on: ubuntu-latest
+    steps:
+    - uses: actions/checkout@v2
+    - name: Build a Docker image
+      run: make build-all-nc
+    - name: Run Snyk to check Docker image for vulnerabilities
+      # Snyk can be used to break the build when it detects vulnerabilities.
+      # In this case we want to upload the issues to GitHub Code Scanning
+      continue-on-error: true
+      uses: snyk/actions/docker@master
+      env:
+        # In order to use the Snyk Action you will need to have a Snyk API token.
+        # More details in https://github.com/snyk/actions#getting-your-snyk-token
+        # or you can signup for free at https://snyk.io/login
+        SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
+      with:
+        image: your/image-to-test
+        args: --file=Dockerfile
+    - name: Upload result to GitHub Code Scanning
+      uses: github/codeql-action/upload-sarif@v1
+      with:
+        sarif_file: snyk.sarif

From db5957b12c81d3e9d936b5868cdc2c7b305d07b8 Mon Sep 17 00:00:00 2001
From: Peter Shen <xianpeng.shen@gmail.com>
Date: Sat, 6 Nov 2021 02:57:09 -0600
Subject: [PATCH 2/7] Update snyk-container-analysis.yml

---
 .github/workflows/snyk-container-analysis.yml | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/.github/workflows/snyk-container-analysis.yml b/.github/workflows/snyk-container-analysis.yml
index 3a69988..b90c74b 100644
--- a/.github/workflows/snyk-container-analysis.yml
+++ b/.github/workflows/snyk-container-analysis.yml
@@ -35,8 +35,7 @@ jobs:
         # or you can signup for free at https://snyk.io/login
         SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
       with:
-        image: your/image-to-test
-        args: --file=Dockerfile
+        image: xianpengshen/clang-tools:all
     - name: Upload result to GitHub Code Scanning
       uses: github/codeql-action/upload-sarif@v1
       with:

From fbb173b3c26075337cfeae2685b9608fc9df2e54 Mon Sep 17 00:00:00 2001
From: Peter Shen <xianpeng.shen@gmail.com>
Date: Sat, 6 Nov 2021 05:22:01 -0600
Subject: [PATCH 3/7] Update snyk-container-analysis.yml

---
 .github/workflows/snyk-container-analysis.yml | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

diff --git a/.github/workflows/snyk-container-analysis.yml b/.github/workflows/snyk-container-analysis.yml
index b90c74b..341a4f3 100644
--- a/.github/workflows/snyk-container-analysis.yml
+++ b/.github/workflows/snyk-container-analysis.yml
@@ -12,10 +12,7 @@ on:
   push:
     branches: [ master ]
   pull_request:
-    # The branches below must be a subset of the branches above
     branches: [ master ]
-  schedule:
-    - cron: '33 18 * * 3'
 
 jobs:
   snyk:
@@ -36,6 +33,7 @@ jobs:
         SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
       with:
         image: xianpengshen/clang-tools:all
+        args: --file=all/Dockerfile
     - name: Upload result to GitHub Code Scanning
       uses: github/codeql-action/upload-sarif@v1
       with:

From 3962e091474e6e8c1d681541c4f1a82b4dca8c24 Mon Sep 17 00:00:00 2001
From: Peter Shen <xianpeng.shen@gmail.com>
Date: Sat, 6 Nov 2021 05:33:16 -0600
Subject: [PATCH 4/7] Update snyk-container-analysis.yml

---
 .github/workflows/snyk-container-analysis.yml | 6 ------
 1 file changed, 6 deletions(-)

diff --git a/.github/workflows/snyk-container-analysis.yml b/.github/workflows/snyk-container-analysis.yml
index 341a4f3..6af8fc5 100644
--- a/.github/workflows/snyk-container-analysis.yml
+++ b/.github/workflows/snyk-container-analysis.yml
@@ -18,13 +18,7 @@ jobs:
   snyk:
     runs-on: ubuntu-latest
     steps:
-    - uses: actions/checkout@v2
-    - name: Build a Docker image
-      run: make build-all-nc
     - name: Run Snyk to check Docker image for vulnerabilities
-      # Snyk can be used to break the build when it detects vulnerabilities.
-      # In this case we want to upload the issues to GitHub Code Scanning
-      continue-on-error: true
       uses: snyk/actions/docker@master
       env:
         # In order to use the Snyk Action you will need to have a Snyk API token.

From f1873f675fc60ef6b9246e4e1125c00f86be1072 Mon Sep 17 00:00:00 2001
From: Peter Shen <xianpeng.shen@gmail.com>
Date: Sat, 6 Nov 2021 05:37:59 -0600
Subject: [PATCH 5/7] Update snyk-container-analysis.yml

---
 .github/workflows/snyk-container-analysis.yml | 1 +
 1 file changed, 1 insertion(+)

diff --git a/.github/workflows/snyk-container-analysis.yml b/.github/workflows/snyk-container-analysis.yml
index 6af8fc5..f9d273b 100644
--- a/.github/workflows/snyk-container-analysis.yml
+++ b/.github/workflows/snyk-container-analysis.yml
@@ -18,6 +18,7 @@ jobs:
   snyk:
     runs-on: ubuntu-latest
     steps:
+    - uses: actions/checkout@v2
     - name: Run Snyk to check Docker image for vulnerabilities
       uses: snyk/actions/docker@master
       env:

From 5ddd9df9654e01f3ef5731c5ac9f04cb352b0154 Mon Sep 17 00:00:00 2001
From: Peter Shen <xianpeng.shen@gmail.com>
Date: Sat, 6 Nov 2021 05:43:56 -0600
Subject: [PATCH 6/7] Update snyk-container-analysis.yml

---
 .github/workflows/snyk-container-analysis.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/snyk-container-analysis.yml b/.github/workflows/snyk-container-analysis.yml
index f9d273b..85eb840 100644
--- a/.github/workflows/snyk-container-analysis.yml
+++ b/.github/workflows/snyk-container-analysis.yml
@@ -28,7 +28,7 @@ jobs:
         SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
       with:
         image: xianpengshen/clang-tools:all
-        args: --file=all/Dockerfile
+        args: --severity-threshold=high --file=all/Dockerfile
     - name: Upload result to GitHub Code Scanning
       uses: github/codeql-action/upload-sarif@v1
       with:

From bc5c15e34ccfe5684930c8fba838960bb8836dca Mon Sep 17 00:00:00 2001
From: Peter Shen <xianpeng.shen@gmail.com>
Date: Sat, 6 Nov 2021 05:47:06 -0600
Subject: [PATCH 7/7] Update snyk-container-analysis.yml

---
 .github/workflows/snyk-container-analysis.yml | 1 +
 1 file changed, 1 insertion(+)

diff --git a/.github/workflows/snyk-container-analysis.yml b/.github/workflows/snyk-container-analysis.yml
index 85eb840..fd0cb3e 100644
--- a/.github/workflows/snyk-container-analysis.yml
+++ b/.github/workflows/snyk-container-analysis.yml
@@ -20,6 +20,7 @@ jobs:
     steps:
     - uses: actions/checkout@v2
     - name: Run Snyk to check Docker image for vulnerabilities
+      continue-on-error: true
       uses: snyk/actions/docker@master
       env:
         # In order to use the Snyk Action you will need to have a Snyk API token.