garethr /
Last active Feb 5, 2021
Applications demonstrating various Cloud Native tools with Snyk

A set of hello world applications, mainly used for demonstrating Snyk. Although the applications themselves are trivial, each repository contains a toolchain using a variety of Cloud Native tools for building container images and deploying to Kubernetes or other platforms. The current set of applications consists of:


A demo of all the different Snyk products (nearly):

  • Java
  • Maven
  • SpringBoot
  • Kubernetes
garethr /
Last active Jan 8, 2020
Testing App Engine applications with Snyk

Snyk and App Engine

If you want to test your deployed Google App Engine applications (i.e. not just the code you have in your source repository) you can do so with Snyk by downloading the artifacts from Google Cloud Storage. The following demonstrates a proof-of-concept of doing so.


You'll need to set up a few Google Cloud tools

garethr /
Created Jan 1, 2020
Pondering on a generic bill of materials for software applications.

Ponderings on a generic bill of materials for software applications.

Package management manifests have some of this information but:

  1. Focus only on what's needed by the software packaging system
  2. Vary between languages
  3. Aren't typically shipped as part of the application

This gist is intended as a thought experiment, looking at what a generic bill of materials might look like.

garethr /
Created Dec 7, 2019
Using Snyk with a remote Docker daemon running in Kubernetes

Start a Docker cluster running on Kubernetes using the provided deployment file. Note this is intended to demonstrate what's possible and hardcodes a few values. The cluster is also set to run without TLS, which in production you would probably want to configure.

kubectl apply -f docker-deployment.yaml

This should give you a running Docker engine and service.

garethr /
Created Nov 12, 2019
Using Snyk to test CNAB bundles for vulnerabilities

One of the neat things about CNAB invocation images is that they are just Docker images. That means tools built to work with Docker images work nicely with CNAB. Snyk is one such tool, which can be used to determine vulnerabilities in Docker images.

With a little jq and xargs we can easily test our CNAB invocation images for a loaded bundle with Duffle like so.

$ duffle bundle show helloworld | jq .invocationImages[].image | xargs -L1 -I'{}' snyk test --docker {}

Testing deislabs/helloworld-cnab:e9beebb5ff3fdadbeb6c4eb8ce240f4ccc077183...
garethr / gist:6a517651b62cb43ac3c8a0f9c4ab561d
Created Nov 6, 2019
Testing a Clojure project with Snyk
$ lein new reagent-frontend myproject
Retrieving reagent-frontend/lein-template/0.1.55/lein-template-0.1.55.pom from clojars
Retrieving reagent-frontend/lein-template/0.1.55/lein-template-0.1.55.jar from clojars
Generating fresh 'lein new' Reagent frontend project.
$ cd myproject
$ lein pom
Retrieving lein-cljsbuild/lein-cljsbuild/1.1.7/lein-cljsbuild-1.1.7.pom from clojars
Retrieving fs/fs/1.1.2/fs-1.1.2.pom from clojars
Retrieving lein-figwheel/lein-figwheel/0.5.19/lein-figwheel-0.5.19.pom from clojars
garethr /
Last active Sep 11, 2019
Snyk and NPM audit comparison

NPM audit reports:

found 13 vulnerabilities (9 low, 1 moderate, 1 high, 2 critical) in 3756 scanned package

Snyk test (with the --dev flag) reports:

Tested 731 dependencies for known issues, found 11 issues, 17 vulnerable paths.
garethr /
Created Aug 27, 2019
Looking at usage of kubectl commands
declare -a commands=(
azure-policy-schema.json
"title":"Policy Definition",
"description":"This schema defines Azure resource policy definition, please see for more details.",