From ed3664e7d8c36432f96b7419600f33f7f8c55431 Mon Sep 17 00:00:00 2001 From: curben Date: Thu, 1 Nov 2018 17:42:08 +1030 Subject: [PATCH] fix: post_path should refer to file name not title --- source/_posts/secure-node-modules-snyk.md | 2 +- source/_posts/snyk-patch-alpine-docker.md | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/source/_posts/secure-node-modules-snyk.md b/source/_posts/secure-node-modules-snyk.md index 4e9b5ee..8df3c9d 100644 --- a/source/_posts/secure-node-modules-snyk.md +++ b/source/_posts/secure-node-modules-snyk.md @@ -48,7 +48,7 @@ Practically, you can use Snyk to patch it, *if* possible like this [hexo-all-min 15. Lastly, link the project to your Snyk account, `$ snyk monitor`. Your project will shows up at your Snyk account. Go to the project setting and add your github repo link. This is necessary to remove usage quota for open-source projects. 16. Optional: add `snyk test`, `snyk protect` and `snyk monitor` commands to your CI script to protect your CI build image. -***Attention:*** Snyk depends on GNU version of `patch` utility, so you need to install it if the CI build environment is Alpine or BSD. Otherwise, `snyk protect` won't work. Read my newer post for more info. +***Attention:*** Snyk depends on GNU version of `patch` utility, so you need to install it if the CI build environment is Alpine or BSD. Otherwise, `snyk protect` won't work. Read my newer post for more info. Alternatively, you could integrate directly to your remote repo (github/gitlab). This integration allows Snyk to automatically create pull/merge request. Enable this by going to your Snyk account and Integrations tab. diff --git a/source/_posts/snyk-patch-alpine-docker.md b/source/_posts/snyk-patch-alpine-docker.md index 07d32a6..1ef075a 100644 --- a/source/_posts/snyk-patch-alpine-docker.md +++ b/source/_posts/snyk-patch-alpine-docker.md @@ -7,12 +7,12 @@ Snyk initially runs fine on Alpine, until you try to `snyk protect` to patch the -Snyk is used to patch vulnerabilities of node_modules (read my previous post for installation guide). I never had any issue with it running on Alpine docker image. That was because there was no modules to patch. +Snyk is used to patch vulnerabilities of node_modules (read my previous post for installation guide). I never had any issue with it running on Alpine docker image. That was because there was no modules to patch. That is until I install [renovate](https://github.com/renovatebot/renovate), which has [vulnerabilities](https://snyk.io/test/npm/renovate) that can be patched. Snyk only tells modules failed to patch, which is not helpful at all. I initially thought it was due to file permissions, which I now realise don't make sense. All commands are executed as root and files are owned by root. -The issue was only pinpointed after I ran snyk with `--debug`, which I should've used it in the first place anyway. The issue is due to BusyBox's patch doesn't support `--backup` option. Sigh, BusyBox versus GNU, back at it again. +The issue was only pinpointed after I ran snyk with `--debug`, which I should've used it in the first place anyway. The issue is due to BusyBox's patch doesn't support `--backup` option. Sigh, BusyBox versus GNU, back at it again. To install GNU's patch, simply add `apk add patch` before `npm install` in your CI config (e.g. `.gitlab-ci.yml`). The installation will automatically replace the BusyBox's patch symlink, so you don't need to. \ No newline at end of file