From de8f018b14f4b745dc49060c8d377dd1566cfc0c Mon Sep 17 00:00:00 2001
From: Quentin McGaw
Date: Sun, 9 May 2021 01:11:58 +0000
Subject: [PATCH] Feature: Snyk code analysis for code and image

---
 .github/workflows/build.yml | 18 ++++++++++++++----
 1 file changed, 14 insertions(+), 4 deletions(-)

diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index 2e811d52..84caf522 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -42,10 +42,20 @@ jobs:
 -covermode=atomic \
 ./...

- # We run this here to use the caching of the previous steps
- - if: github.event_name == 'push'
- name: Build final image
- run: docker build .
+ - name: Code security analysis
+ uses: snyk/actions/golang@master
+ env:
+ SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
+
+ - name: Build final image
+ run: docker build -t final-image .
+
+ - name: Image security analysis
+ uses: snyk/actions/docker@master
+ env:
+ SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
+ with:
+ image: final-image

 publish:
 needs: [verify]
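Review bot: Both new Snyk steps reference third-party actions by the mutable `master` branch (`snyk/actions/golang@master`, `snyk/actions/docker@master`) while passing them `SNYK_TOKEN`, so whatever is on that branch at run time executes in this job with the secret in its environment. Pin each to a reviewed full commit SHA, e.g. `uses: snyk/actions/golang@<full-commit-sha>  # placeholder, keep the tag name in a comment`, and do the same for the docker action. Separately, the removed build step was gated on `if: github.event_name == 'push'` and none of the new steps are; if this workflow also runs for pull requests from forks (the triggers are outside the hunk), `secrets.SNYK_TOKEN` is empty there and the scan steps will likely fail, so consider keeping `if: github.event_name == 'push'` on the two Snyk steps. The job's definition starts above the hunk, so its name and permissions could not be checked here.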