You've reached the end of this Lab. What a journey! We hope that as you progressed through the lab you saw how Snyk and Docker together can help facilitate a secure Continuous Integration and Continuous Delivery paradigm for your software delivery practice.
We hope you enjoyed this lab. Below we recap what you've accomplished and provide additional resources to help you get more value out of Snyk.
You used Snyk Container to find issues introduced by your choice of base image. You imported your Dockerfile into Snyk, and selected a less vulnerable base image for your application.
If you're working with containers, here are some resources worth checking out:
Snyk can integrate with your Container Registry to easily import your container images for scanning with Snyk. We support Docker Hub, Azure Container Registry, Google Container Registry, Artifactory Container Registry, and AWS Elastic Container Registry.
An extension of Snyk Container, our Kubernetes Monitor can identify container vulnerabilities in running workloads. To learn more, check out the Snyk Kubernetes Integration Overview.
You used Snyk Open Source to find vulnerabilities in the Open Source components for the sample application. You configured the GitHub integration, created fix Pull Requests, and built a gate into the release process to ensure issues did not make their way into a Production branch.
Some things we didn't cover:
Why wait until vulnerabilities are published to upgrade your dependencies? Snyk can be configured to automatically open pull requests on your behalf, to keep your dependencies up to date and healthy.
Snyk allows you to configure a specific GitHub account on whose behalf the fix and upgrade PRs will be opened. Our research shows that this increases the likelihood of a Fix PR getting merged, so check it out!
You used Snyk Infrastructure as Code to find and fix configuration issues in your Kubernetes deployment manifests. Here are some things we didn't cover about Snyk IaC:
Infrastructure as Code rules are not meant to be one-size-fits-all. Different workloads have different security requirements and tolerances, which is why we allow you to change how Snyk IaC scores your application configurations. Learn how to adjust the severity scoring for IaC rules in our Docs.
We didn't cover it in this Lab, but Snyk can also scan Terraform files for configuration issues. To learn more about our Terraform support, check out how to Scan and Fix issues in your Terraform files.