Skip to content
Deploy

Add SNYK scan to build image #3421

Sign in to view logs

Add SNYK scan to build image

Add SNYK scan to build image #3421

Triggered via pull request January 16, 2025 13:30
@RMcVeliaRMcVelia
synchronize #1163
2166-scan-docker-image-in-all-repositories
Status Failure
Total duration 13m 24s
Artifacts

build-and-deploy.yml

on: pull_request
Image build and push
2m 16s
Image build and push
Set deployment matrix
0s
Set deployment matrix
Deploy to review environment
10m 50s
Deploy to review environment
Matrix: deploy_nonprod
Deploy to production environment
0s
Deploy to production environment
Fit to window
Zoom out
Zoom in

Annotations

2 errors and 7 warnings
Deploy to review environment
Terraform exited with code 1.
Deploy to review environment
Process completed with exit code 2.
Sensitive data should not be used in the ARG or ENV commands: Dockerfile#L10
SecretsUsedInArgOrEnv: Do not use ARG or ENV instructions for sensitive data (ENV "SECRET_KEY_BASE") More info: https://docs.docker.com/go/dockerfile/rule/secrets-used-in-arg-or-env/
Sensitive data should not be used in the ARG or ENV commands: Dockerfile#L10
SecretsUsedInArgOrEnv: Do not use ARG or ENV instructions for sensitive data (ENV "ZENDESK_TOKEN") More info: https://docs.docker.com/go/dockerfile/rule/secrets-used-in-arg-or-env/
Sensitive data should not be used in the ARG or ENV commands: Dockerfile#L10
SecretsUsedInArgOrEnv: Do not use ARG or ENV instructions for sensitive data (ENV "IDENTITY_SHARED_SECRET_KEY") More info: https://docs.docker.com/go/dockerfile/rule/secrets-used-in-arg-or-env/
Sensitive data should not be used in the ARG or ENV commands: Dockerfile#L10
SecretsUsedInArgOrEnv: Do not use ARG or ENV instructions for sensitive data (ENV "IDENTITY_API_KEY") More info: https://docs.docker.com/go/dockerfile/rule/secrets-used-in-arg-or-env/
JSON arguments recommended for ENTRYPOINT/CMD to prevent unintended behavior related to OS signals: Dockerfile#L44
JSONArgsRecommended: JSON arguments recommended for CMD to prevent unintended behavior related to OS signals More info: https://docs.docker.com/go/dockerfile/rule/json-args-recommended/
Sensitive data should not be used in the ARG or ENV commands: Dockerfile#L10
SecretsUsedInArgOrEnv: Do not use ARG or ENV instructions for sensitive data (ENV "GOVUK_NOTIFY_API_KEY") More info: https://docs.docker.com/go/dockerfile/rule/secrets-used-in-arg-or-env/
Set deployment matrix
ubuntu-latest pipelines will use ubuntu-24.04 soon. For more details, see https://github.com/actions/runner-images/issues/10636