jbalestrSnyk/somerset-juice-shop

original Juice Shop readme

Snyk Juice Shop

This is a vulnerable by design repository for demonstrating Snyk Insights. Do not deploy this in production.

Step 0: Prepare Demo Environment

Install Tools

Fork & Import

Fork this repository and import it in a new or existing org.

git clone https://github.com/somerset-inc/juice-shop-goof.git
cd juice-shop-goof   # the clone creates a directory named after the repository

Deploy Juice Shop to EKS

In A Cloud Guru create an AWS sandbox environment, then add the following as GitHub Actions Variables:

AWS_ACCESS_KEY_ID
AWS_SECRET_ACCESS_KEY
SNYK_ORG_ID
SNYK_TOKEN

Edit the _build_flag file to trigger EKS provisioning and Juice Shop deployment.

Step 1: Deploy the Kubernetes Connector

Create a Snyk Service Account with the minimum required scope: docs

Log into AWS CLI:

aws configure
aws eks update-kubeconfig --region us-east-1 --name juice-shop-cluster

Add the secret

kubectl create secret generic insights-secret --from-literal=snykServiceAccountToken=YOUR_SNYK_TOKEN

Add the Helm chart

helm repo add kubernetes-scanner https://snyk.github.io/kubernetes-scanner
helm repo update

Install the chart

helm install insights \
	--set "secretName=insights-secret" \
	--set "config.clusterName=juice-shop-cluster" \
	--set "config.routes[0].organizationID=YOUR_ORG_ID" \
	--set "config.routes[0].clusterScopedResources=true" \
	--set "config.routes[0].namespaces[0]=*"  \
	kubernetes-scanner/kubernetes-scanner

Run kubectl get pods to verify the pod is running.

Step 2: Scan and Tag Container projects

See full docs on tagging format. This is required to link Open Source and Code projects with Container projects.

Add tags to container images: see example workflow.

Examples:

snyk container monitor your/image:tag --tags="component=pkg:${{ github.repository }}@${{ github.ref_name }}"
snyk container monitor your/image:tag --tags="component=pkg:github/org/repo@branch"

Step 3: Tag Open Source and Code projects

Review script at insights/apply-tags.py.

pip install requests
python3 insights/apply-tags.py --org-id your-org-id --snyk-token your-snyk-token --origin github
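Steps 2 and 3 only link projects if the component tag written to the Open Source and Code projects is byte-for-byte the same as the one passed to snyk container monitor. The following added example (not the repository's insights/apply-tags.py, and not Snyk's own code) derives that tag for both sides and checks that they match before anything is written. It assumes that Snyk names git-imported projects as owner/repo or owner/repo:path/to/manifest, that each project carries its branch as a target reference, and that tags are written with the Snyk v1 endpoint POST /org/{orgId}/project/{projectId}/tags; the sample project listing is constructed, and apply_tag only returns the request it would send unless dry_run is turned off.

```python
"""Added example (not insights/apply-tags.py): derive the Snyk Insights
'component' tag for Open Source / Code projects so that it equals the tag
the container image was monitored with in Step 2.

Assumptions (hypothetical, not taken from the README):
  * git-imported projects are named 'owner/repo' or 'owner/repo:path/manifest';
  * the project's branch (target reference) is available as 'branch';
  * tags are written with POST /org/{orgId}/project/{projectId}/tags
    (Snyk v1 API) and a body of {"key": ..., "value": ...}.
"""
import json
import re
import urllib.request

SNYK_API = "https://api.snyk.io/v1"

# 'owner/repo', optionally followed by ':path/to/manifest' (no whitespace)
_NAME_RE = re.compile(r"^(?P<repo>[^:/\s]+/[^:/\s]+)(?::(?P<path>\S+))?$")


def component_tag(project_name: str, branch: str, origin: str = "github") -> dict:
    """Tag for an Open Source or Code project, e.g.
    ('somerset-inc/juice-shop-goof:package.json', 'main') ->
    {'key': 'component', 'value': 'pkg:github/somerset-inc/juice-shop-goof@main'}"""
    m = _NAME_RE.match(project_name)
    if not m:
        raise ValueError(f"unrecognised project name: {project_name!r}")
    return {"key": "component", "value": f"pkg:{origin}/{m.group('repo')}@{branch}"}


def container_tags_arg(repository: str, ref_name: str, origin: str = "github") -> str:
    """The --tags value given to `snyk container monitor` in the workflow,
    built from the GitHub context values github.repository and github.ref_name."""
    return f"component=pkg:{origin}/{repository}@{ref_name}"


def tags_link(project_tag: dict, container_tags_value: str) -> bool:
    """True when the project tag equals the container tag, i.e. Insights can
    link the two projects. The --tags value is split on the first '=' only."""
    key, sep, value = container_tags_value.partition("=")
    return sep == "=" and project_tag == {"key": key, "value": value}


def plan_tags(projects: list, origin: str = "github") -> list:
    """Return the (project_id, tag) pairs that still need to be applied.
    Projects without a branch (non-git imports) or with an unparseable name
    are skipped, as are projects that already carry the tag."""
    plan = []
    for p in projects:
        branch = p.get("branch")
        if not branch:
            continue
        try:
            tag = component_tag(p["name"], branch, origin)
        except ValueError:
            continue
        if tag in p.get("tags", []):
            continue
        plan.append((p["id"], tag))
    return plan


def apply_tag(org_id: str, project_id: str, tag: dict, token: str,
              dry_run: bool = True) -> dict:
    """POST the tag to the (assumed) v1 endpoint; with dry_run=True only the
    request that would be sent is returned, so nothing leaves the machine."""
    url = f"{SNYK_API}/org/{org_id}/project/{project_id}/tags"
    if dry_run:
        return {"method": "POST", "url": url, "body": tag}
    req = urllib.request.Request(
        url, data=json.dumps(tag).encode(), method="POST",
        headers={"Authorization": f"token {token}",
                 "Content-Type": "application/json"},
    )
    with urllib.request.urlopen(req) as resp:
        return json.load(resp)


# Constructed sample of a trimmed project listing (not real API output).
SAMPLE_PROJECTS = [
    {"id": "p1", "name": "somerset-inc/juice-shop-goof:package.json",
     "branch": "main", "tags": []},
    {"id": "p2", "name": "somerset-inc/juice-shop-goof", "branch": "main",
     "tags": [{"key": "component",
               "value": "pkg:github/somerset-inc/juice-shop-goof@main"}]},
    {"id": "p3", "name": "cli-upload/package-lock.json", "branch": None, "tags": []},
]

if __name__ == "__main__":
    for project_id, tag in plan_tags(SAMPLE_PROJECTS):
        print(apply_tag("YOUR_ORG_ID", project_id, tag, "YOUR_SNYK_TOKEN"))
```

Running the block as-is prints the single request it would issue for the untagged package.json project; the already-tagged project and the CLI upload without a branch are skipped. Before switching dry_run off, compare the tag value against the --tags argument in the container workflow with tags_link, since a different branch name or origin on either side silently produces two unlinked projects rather than an error.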