garethr / README.md
Last active Feb 5, 2021
Applications demonstrating various Cloud Native tools with Snyk

A set of hello world applications, mainly used for demonstrating Snyk. Although the applications themselves are trivial, each repository contains a toolchain using a variety of Cloud Native tools for building container images and deploying to Kubernetes or other platforms. The current set of applications consists of:

Snykest

A demo of all the different Snyk products (nearly):

  • Java
  • Maven
  • SpringBoot
  • Kubernetes
garethr / _README.md
Last active Jan 8, 2020
Testing App Engine applications with Snyk

Snyk and App Engine

If you want to test your deployed Google App Engine applications (i.e. not just the code you have in your source repository) you can do so with Snyk by downloading the artifacts from Google Cloud Storage. The following demonstrates a proof-of-concept of doing so.

Pre-requisites

You'll need to set up a few Google Cloud tools

garethr / 0_README.md
Created Jan 1, 2020
Pondering on a generic bill of materials for software applications.

Ponderings on a generic bill of materials for software applications.

Package management manifests have some of this information but:

  1. Focus only on what's needed by the software packaging system
  2. Vary between languages
  3. Aren't typically shipped as part of the application

This gist is intended as a thought experiment, looking at what a generic bill of materials might look like.

garethr / _README.md
Created Dec 7, 2019
using Snyk with a remote Docker daemon running in Kubernetes

Start a Docker cluster running on Kubernetes using the provided deployment file. Note this is intended to demonstrate what's possible and hardcodes a few values. The cluster is also set to run without TLS, which in production you would probably want to configure.

kubectl apply -f docker-deployment.yaml

This should give you a running Docker engine and service.

garethr / README.md
Created Nov 12, 2019
Using Snyk to test CNAB bundles for vulnerabilities

One of the neat things about the CNAB invocation images is that they are just Docker images. That means tools built to work with Docker images work nicely with CNAB. Snyk is one such tool, which can be used to determine vulnerabilities in Docker images.

With a little jq and xargs we can easily test our CNAB invocation images for a loaded bundle with Duffle like so.

$ duffle bundle show helloworld | jq .invocationImages[].image | xargs -L1 -I'{}' snyk test --docker {}

Testing deislabs/helloworld-cnab:e9beebb5ff3fdadbeb6c4eb8ce240f4ccc077183...
garethr / gist:6a517651b62cb43ac3c8a0f9c4ab561d
Created Nov 6, 2019
Testing a Clojure project with Snyk
$ lein new reagent-frontend myproject
Retrieving reagent-frontend/lein-template/0.1.55/lein-template-0.1.55.pom from clojars
Retrieving reagent-frontend/lein-template/0.1.55/lein-template-0.1.55.jar from clojars
Generating fresh 'lein new' Reagent frontend project.
$ cd myproject
$ lein pom
Retrieving lein-cljsbuild/lein-cljsbuild/1.1.7/lein-cljsbuild-1.1.7.pom from clojars
Retrieving fs/fs/1.1.2/fs-1.1.2.pom from clojars
Retrieving lein-figwheel/lein-figwheel/0.5.19/lein-figwheel-0.5.19.pom from clojars
garethr / differences.md
Last active Sep 11, 2019
Snyk and NPM audit comparison

NPM audit reports:

found 13 vulnerabilities (9 low, 1 moderate, 1 high, 2 critical) in 3756 scanned package

Snyk test (with the --dev flag) reports:

Tested 731 dependencies for known issues, found 11 issues, 17 vulnerable paths.
garethr / count.sh
Created Aug 27, 2019
Looking at usage of kubectl commands
#!/bin/bash
declare -a commands=(
create
expose
run
set
explain
get
View azure-policy-schema.json
{
"id":"https://schema.management.azure.com/schemas/2018-05-01/policyDefinition.json#",
"$schema":"http://json-schema.org/draft-04/schema#",
"title":"Policy Definition",
"description":"This schema defines Azure resource policy definition, please see https://azure.microsoft.com/en-us/documentation/articles/resource-manager-policy/ for more details.",
"type":"object",
"properties":{
"if":{
"oneOf":[
{