Difficulty: Intermediate
Time to Complete: 60 minutes
The lab has three parts, to be completed in sequence. Each covers a different Snyk product.
- Part 1 covers fixing Open Source vulnerabilities in the Sample App.
- Part 2 adds Dockerfile and Container Security Scanning to the pipeline.
- Part 3 adds Deployment YAML and Infrastructure as Code Scans.
- GitHub Account. If you need one, sign up free at GitHub.
- Snyk Account. If you need one, sign up free at snyk.io
You'll also need to fork the GitHub Repo with the sample application.
{% embed url="https://github.com/snyk-partners/gh-actions-academy" %}
The Repo is structured as follows:
- A PROD branch that represents the deploy-ready state of the code.
- A develop branch that is the default branch we'll be working with.
- A oss-actions branch that will be used for Part 1.
- A container-actions branch that will be used for Part 2.
- A iac-actions branch that will be used for Part 3.
When you fork a Repo with existing workflows, GitHub disables GitHub Actions by default. To enable GitHub Actions, click on the Actions Tab, and then "Enable my Workflows".
The .github.workflows folder contains CI workflows for the develop and PROD branches. These rebuild and test the app when code is pushed to the branch, to ensure no breaking changes are introduced. We'll add onto these files throughout the Lab to do more with GitHub Actions.
When ready, head on to Part 1 and get started!