Testing Palantir’s remix of Apache Cassandra with Snyk & Travis CI
This repository is to show Travis CI testing a Dockerfile based on Palantir’s remix of Apache Cassandra, testing IaC’s (Terraform, Kubernetes), and testing the integration health of Debian.
So we hade to define in the
.travis.yml file the language as
node, ultimately at first I had it set as
python, but thought of a crafty work around, in which we would be using
pipenv and if need be,
pipenv graph via we have to grab
Snyk and to do that we need to use
npm. We then grab
pipenv, here is a minified version of the
.travis.yml I’ve created for this project, that doesn’t have my
regex expressions, and branching conditionals:
install: - pip install pipenv language: node_js node_js: - lts/* script: - npm install -g [email protected] # Globally install Snyk via node package manager, using condition `@latest` for latest version. - snyk -v # Print out the current version of Snyk symlinked. - snyk code - snyk test --docker debian --file=Dockerfile --exclude-base-image-vulns # Scan the Palantir Cassandra container. - snyk iac test variable.tf # Test an IaC method, say in this case Terraform. With simple variables that really equal to moot. - snyk iac test Kubernetes.yaml # Test the Kubernetes.yaml file to see if there's any vuln's, this is defined to run on nginx. # The rest of the .travis.yml in this repo, is my branching process. So if you look at the existing .travis.yml in this repo, and wonder why it's different, that's the reason. The above snippet will get you going.
It’s important to note you’ll need your Snyk
env vars. I started this out
language: python, then switched it to
node to fetch
Snyk, it’s a quirky workaround, but works. I’ve also added cursory checks for Palantir’s Apache Cassandra Dockerfile, to see if Snyk crashes when doing things in succession.