From 6632c77f871be86aee709bc2d3517b52a42c39d7 Mon Sep 17 00:00:00 2001
From: Steven
Date: Tue, 30 Jan 2024 16:56:34 +0100
Subject: [PATCH 1/2] Update release.yml

---
 .github/workflows/release.yml | 50 ++++++++++++++++++++---------------
 1 file changed, 28 insertions(+), 22 deletions(-)

diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 5990b6d..1b02cc6 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -16,28 +16,34 @@ jobs: - run: docker push ${{secrets.DOCKERHUB_USERNAME}}/nest-demo-app - snyk_image_scanning: - + snyk_image_scanning: + permissions: + id-token: read + contents: read + packages: read runs-on: ubuntu-latest steps: - - uses: actions/checkout@v2 - - name: Build the Docker image - run: docker build -t ${{secrets.DOCKERHUB_USERNAME}}/nest-demo-app . - - name: Run Snyk to check Docker image for vulnerabilities - # Snyk can be used to break the build when it detects vulnerabilities. - # In this case we want to upload the issues to GitHub Code Scanning - continue-on-error: true - uses: snyk/actions/docker@master - env: - # In order to use the Snyk Action you will need to have a Snyk API token. - # More details in https://github.com/snyk/actions#getting-your-snyk-token - # or you can signup for free at https://snyk.io/login - SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }} - with: - image: ${{secrets.DOCKERHUB_USERNAME}}/nest-demo-app - args: --file=Dockerfile --exclude-base-image-vulns - - name: Upload result to GitHub Code Scanning - uses: github/codeql-action/upload-sarif@v1 - with: - sarif_file: snyk.sarif \ No newline at end of file + - name: Checkout 🛎️ + uses: actions/checkout@v2 + + - name: Log in to the Container registry 📦 + uses: docker/login-action@v2 + with: + registry: ${{ env.GITHUB_REGISTRY }} + username: ${{ github.actor }} + password: ${{ secrets.GITHUB_TOKEN }} + + - name: Scan Docker image 🐳 + uses: snyk/actions/docker@master + continue-on-error: true + with: + image: ${{ env.GITHUB_REGISTRY }}/${{ env.GITHUB_REPOSITORY }}:${{ env.DOCKER_IMAGE_TAG }} + args: --file=Dockerfile --severity-threshold=high --sarif-file-output=snyk.sarif + env: + SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }} + + - name: Upload Snyk report as sarif 📦 + uses: github/codeql-action/upload-sarif@v2 + with: + sarif_file: snyk.sarif From 540e607a3cf99e9e3ebd95603ab655716caa3855 Mon Sep 17 00:00:00 2001 
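Review bot: The new `permissions:` block (`id-token`, `contents`, `packages`) omits `security-events: write`, which `github/codeql-action/upload-sarif@v2` needs to publish `snyk.sarif` to code scanning; once a job declares `permissions:`, every scope not listed is reduced to none, so the last step will likely fail with a "resource not accessible" error, and `id-token: read` looks unnecessary since no step in the hunk requests an OIDC token. I would add `security-events: write` under `permissions:` and drop `id-token`. `uses: snyk/actions/docker@master` is a mutable branch reference for a third-party action that is handed `SNYK_TOKEN`; pin it to a release tag or full commit SHA so a change on that branch cannot silently alter what runs with the token (`actions/checkout@v2` is also a deprecated Node 12 release and should move to a current major). The image reference assembled from `env.GITHUB_REGISTRY`, `env.GITHUB_REPOSITORY` and `env.DOCKER_IMAGE_TAG` depends on a workflow-level `env:` outside this hunk; if any is unset the value collapses to `/:` and the scan step, being `continue-on-error: true`, is passed over silently while the upload step then fails on a missing file. The preceding job (context line) pushes to Docker Hub under `DOCKERHUB_USERNAME` rather than to `env.GITHUB_REGISTRY`, so this job presumably needs a `needs:` dependency on whichever job publishes the registry image; confirm against the part of the workflow above the hunk.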
From: Steven
Date: Tue, 30 Jan 2024 16:58:05 +0100
Subject: [PATCH 2/2] Update integration.yml

---
 .github/workflows/integration.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/integration.yml b/.github/workflows/integration.yml
index cb4284e..3301328 100644
--- a/.github/workflows/integration.yml
+++ b/.github/workflows/integration.yml
@@ -4,7 +4,7 @@ on: push: branches: [ development, steven ] pull_request: - branches: [ development, steven, workshop, main ] + branches: [ main ] types: [opened, synchronize, reopened] jobs: