From e57b11319cba7411028fbbda7515f4633d1145d1 Mon Sep 17 00:00:00 2001 From: curben Date: Tue, 30 Oct 2018 20:55:08 +1030 Subject: [PATCH] add notes about using snyk in alpine or bsd --- source/_posts/secure-node-modules-snyk.md | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/source/_posts/secure-node-modules-snyk.md b/source/_posts/secure-node-modules-snyk.md index 951ae9e..fddfb0c 100644 --- a/source/_posts/secure-node-modules-snyk.md +++ b/source/_posts/secure-node-modules-snyk.md @@ -45,7 +45,9 @@ Practically, you can use Snyk to patch it, *if* possible like this [hexo-all-min 13. If fix is available, run `$ snyk protect`. 14. In step 10, if you choose to ignore, Snyk will ignore the issue for 30 days by default (even after you run `snyk test`. Once elapsed, `$ snyk test` will say there is vulnerability again (and fail your build/CI). If you find it annoying, you can delay the expiry date in `.snyk`. 15. Lastly, link the project to your Snyk account, `$ snyk monitor`. Your project will shows up at your Snyk account. Go to the project setting and add your github repo link. This is necessary to remove usage quota for open-source projects. -16. Optional: add `snyk test` and `snyk protect` command to your CI script to protect your CI build image. +16. Optional: add `snyk test`, `snyk protect` and `snyk monitor` commands to your CI script to protect your CI build image. + +***Attention:*** Snyk depends on GNU version of `patch` utility, so you need to install it if the CI build environment is Alpine or BSD. Otherwise, `snyk protect` won't work. Alternatively, you could integrate directly to your remote repo (github/gitlab). This integration allows Snyk to automatically create pull/merge request. Enable this by going to your Snyk account and Integrations tab. {% cloudinary 20181001/snyk-integration.png %}
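Review bot: The reworded step 16 adds `snyk monitor` to the CI script without saying how the CI job authenticates. Step 15 describes that command as linking the project to your Snyk account, so the step should state how the credential is supplied and that it belongs in a secret CI variable rather than in the repository or the build log. The rationale "to protect your CI build image" also only fits `snyk test` and `snyk protect`, so consider describing `snyk monitor` separately. In the new ***Attention:*** paragraph, name the package or command that installs GNU `patch` on Alpine and on BSD so readers do not have to look it up. The wording would also read better as "the GNU version of the `patch` utility".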