{"id":13690780,"url":"https://github.com/snyk/snyk-images","last_synced_at":"2025-04-05T07:04:23.473Z","repository":{"id":42080027,"uuid":"207295767","full_name":"snyk/snyk-images","owner":"snyk","description":"A build toolchain for Snyk Docker images.","archived":false,"fork":false,"pushed_at":"2025-03-28T10:33:11.000Z","size":237,"stargazers_count":65,"open_issues_count":16,"forks_count":53,"subscribers_count":99,"default_branch":"master","last_synced_at":"2025-03-29T06:05:04.592Z","etag":null,"topics":["docker","snyk"],"latest_commit_sha":null,"homepage":"https://snyk.io","language":"HTML","has_issues":false,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"other","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/snyk.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":".github/CODEOWNERS","security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2019-09-09T11:42:41.000Z","updated_at":"2025-03-28T10:33:14.000Z","dependencies_parsed_at":"2023-02-09T12:01:32.953Z","dependency_job_id":"707e905e-eb44-400f-8bbb-d51a04ae6eb2","html_url":"https://github.com/snyk/snyk-images","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/snyk%2Fsnyk-images","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/snyk%2Fsnyk-images/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/snyk%2Fsnyk-images/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/snyk%2Fsnyk-images/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/snyk","download_url":"https://codeload.github.com/snyk/snyk-images/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":247299831,"owners_count":20916190,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["docker","snyk"],"created_at":"2024-08-02T17:00:31.496Z","updated_at":"2025-04-05T07:04:23.457Z","avatar_url":"https://github.com/snyk.png","language":"HTML","funding_links":[],"categories":["Uncategorized"],"sub_categories":["Uncategorized"],"readme":"A build toolchain for Snyk Docker images.\n\n## Design goals\n\n* Make it easy to provide images which match upstream development environments, for example\n covering the range of different software versions and operating systems in common usage\n* Minimize the amount of configuration we need to maintain per image\n* Avoid the need to install a Node development environment for non-Node users\n* Enable images to be automatically built (and rebuilt) regularly\n\n\n## Images\n\n### Current images\n\n| Image | Based on |\n|--------------------------------|-----------------------------------|\n| snyk/snyk:alpine | alpine |\n| snyk/snyk:cocoapods | alpine |\n| snyk/snyk:swift | swift |\n| snyk/snyk:clojure | clojure |\n| snyk/snyk:clojure-boot | clojure:boot |\n| snyk/snyk:clojure-lein | clojure:lein |\n| snyk/snyk:clojure-tools-deps | clojure:tools-deps |\n| snyk/snyk:composer | composer |\n| snyk/snyk:php | composer |\n| snyk/snyk:docker-latest | docker:latest |\n| snyk/snyk:docker | docker:stable |\n| snyk/snyk:golang | golang |\n| snyk/snyk:golang-1.20 | golang:1.20 |\n| snyk/snyk:golang-1.21 | golang:1.21 |\n| snyk/snyk:golang-1.22 | golang:1.22 |\n| snyk/snyk:golang-1.23 | golang:1.23 |\n| snyk/snyk:golang-1.24 | golang:1.24 |\n| snyk/snyk:gradle | gradle |\n| snyk/snyk:gradle-jdk11 | gradle:jdk11 |\n| snyk/snyk:gradle-jdk12 | gradle:jdk12 |\n| snyk/snyk:gradle-jdk13 | gradle:jdk13 |\n| snyk/snyk:gradle-jdk14 | gradle:jdk14 |\n| snyk/snyk:gradle-jdk16 | gradle:jdk16 |\n| snyk/snyk:gradle-jdk17 | gradle:jdk17 |\n| snyk/snyk:gradle-jdk18 | gradle:jdk18 |\n| snyk/snyk:gradle-jdk19 | gradle:jdk19 |\n| snyk/snyk:gradle-jdk20 | gradle:jdk20 |\n| snyk/snyk:gradle-jdk21 | gradle:jdk21 |\n| snyk/snyk:gradle-jdk8 | gradle:jdk8 |\n| snyk/snyk:maven | maven |\n| snyk/snyk:maven-3-jdk-11 | maven:3-jdk-11 |\n| snyk/snyk:maven-3-jdk-17 | maven:3-eclipse-temurin-17 |\n| snyk/snyk:maven-3-jdk-20 | maven:3-eclipse-temurin-20 |\n| snyk/snyk:maven-3-jdk-21 | maven:3-eclipse-temurin-21 |\n| snyk/snyk:maven-3-jdk-22 | maven:3-eclipse-temurin-22 |\n| snyk/snyk:maven-3-jdk-8 | maven:3-jdk-8 |\n| snyk/snyk:dotnet | mcr.microsoft.com/dotnet/core/sdk |\n| snyk/snyk:dotnet-8.0 | mcr.microsoft.com/dotnet/sdk:8.0 |\n| snyk/snyk:node | node |\n| snyk/snyk:node-18 | node:18 |\n| snyk/snyk:node-20 | node:20 |\n| snyk/snyk:node-22 | node:22 |\n| snyk/snyk:python | python |\n| snyk/snyk:python-3.8 | python:3.8 |\n| snyk/snyk:python-3.9 | python:3.9 |\n| snyk/snyk:python-3.10 | python:3.10 |\n| snyk/snyk:python-3.11 | python:3.11 |\n| snyk/snyk:python-3.12 | python:3.12 |\n| snyk/snyk:python-alpine | python:alpine |\n| snyk/snyk:ruby | ruby |\n| snyk/snyk:ruby-3.3 | ruby:3.3 |\n| snyk/snyk:ruby-alpine | ruby:alpine |\n| snyk/snyk:linux | ubuntu |\n| snyk/snyk:sbt1.10.0-scala3.4.2 | scala:3.4.2-sbt:1.10.0 |\n\n### Vendor unsupported base images\nThese images are no longer supported by the upstream vendor and should no longer be used, as such, the images below are no longer maintained. As a general practice, Snyk does not remove images once published. However, Snyk will not build or maintain images based on EoL softwareusers of these images should move to a vendor-supported upstream image base immediately.\n\n| Image | Based on |\n|------------------------------|-----------------------------------------|\n| snyk/snyk:docker-18.09 | docker:18.09 |\n| snyk/snyk:docker-19.03 | docker:19.03 |\n| snyk/snyk:golang-1.12 | golang:1.12 |\n| snyk/snyk:golang-1.13 | golang:1.13 |\n| snyk/snyk:golang-1.14 | golang:1.14 |\n| snyk/snyk:golang-1.15 | golang:1.15 |\n| snyk/snyk:golang-1.16 | golang:1.16 |\n| snyk/snyk:golang-1.17 | golang:1.17 |\n| snyk/snyk:golang-1.18 | golang:1.18 |\n| snyk/snyk:golang-1.19 | golang:1.19 |\n| snyk/snyk:gradle-6.4 | gradle:6.4 |\n| snyk/snyk:gradle-6.4-jdk11 | gradle:6.4-jdk11 |\n| snyk/snyk:gradle-6.4-jdk14 | gradle:6.4-jdk14 |\n| snyk/snyk:gradle-6.4-jdk8 | gradle:6.4-jdk8 |\n| snyk/snyk:maven-3-jdk-19 | maven:3-eclipse-temurin-19 |\n| snyk/snyk:dotnet-2.1 | mcr.microsoft.com/dotnet/core/sdk:2.1 |\n| snyk/snyk:dotnet-2.2 | mcr.microsoft.com/dotnet/core/sdk:2.2 |\n| snyk/snyk:dotnet-3.0 | mcr.microsoft.com/dotnet/core/sdk:3.0 |\n| snyk/snyk:dotnet-3.1 | mcr.microsoft.com/dotnet/core/sdk:3.1 |\n| snyk/snyk:node-8 | node:8 |\n| snyk/snyk:node-10 | node:10 |\n| snyk/snyk:node-12 | node:12 |\n| snyk/snyk:node-13 | node:13 |\n| snyk/snyk:node-14 | node:14 |\n| snyk/snyk:node-15 | node:15 |\n| snyk/snyk:node-16 | node:16 |\n| snyk/snyk:python-2.7 | python:2.7 |\n| snyk/snyk:python-3.6 | python:3.6 |\n| snyk/snyk:python-3.7 | python:3.7 |\n| snyk/snyk:ruby-2.4 | ruby:2.4 |\n| snyk/snyk:ruby-2.5 | ruby:2.5 |\n| snyk/snyk:ruby-2.6 | ruby:2.6 |\n| snyk/snyk:ruby-2.7 | ruby:2.7 |\n| snyk/snyk:sbt | hseeberger/scala-sbt:8u212_1.2.8_2.13.0 |\n| snyk/snyk:scala | hseeberger/scala-sbt:8u212_1.2.8_2.13.0 |\n\n### Security\nPlease be advised, that the docker images disable git trusted directory checks for all\ndirectories mounted or accessible within the docker image. Only mount directories into the\ndocker image that you trust.\n\n### Usage\n\nThese images are published on Docker Hub at [snyk/snyk](https://hub.docker.com/r/snyk/snyk) See the toolchain instructions below if you want to build your own versions.\n\nUsage requires a Snyk API token stored in an environment variable called `SNYK_TOKEN`.\n\nI've picked a somewhat random example Golang respository which is setup to use Go Modules.\n\n```console\n$ git clone git@github.com:puppetlabs/wash.git\n$ docker run --rm -it --env SNYK_TOKEN -v $(PWD):/app snyk/snyk:golang\n\nTesting /app...\n\nOrganization: garethr\nPackage manager: gomodules\nTarget file: go.mod\nOpen source: no\nProject path: /app\nLicenses: enabled\n\n✓ Tested 426 dependencies for known issues, no vulnerable paths found.\n\nNext steps:\n- Run `snyk monitor` to be notified about new related vulnerabilities.\n- Run `snyk test` as part of your CI/test.\n```\n\nHere's another example, this time using a vulnerable Node.js application:\n\n```console\n$ git clone git@github.com:snyk/goof.git\n$ docker run --rm -it --env SNYK_TOKEN -v $(PWD):/app snyk/snyk:node\n...\n✗ High severity vulnerability found in ejs\n Description: Arbitrary Code Execution\n Info: https://snyk.io/vuln/npm:ejs:20161128\n Introduced through: ejs@1.0.0, ejs-locals@1.0.2\n From: ejs@1.0.0\n From: ejs-locals@1.0.2 \u003e ejs@0.8.8\n Remediation:\n Upgrade direct dependency ejs@1.0.0 to ejs@2.5.3 (triggers upgrades to ejs@2.5.3)\n Some paths have no direct dependency upgrade that can address this issue.\n\n✗ High severity vulnerability found in dustjs-linkedin\n Description: Code Injection\n Info: https://snyk.io/vuln/npm:dustjs-linkedin:20160819\n Introduced through: dustjs-linkedin@2.5.0\n From: dustjs-linkedin@2.5.0\n Remediation:\n Upgrade direct dependency dustjs-linkedin@2.5.0 to dustjs-linkedin@2.6.0 (triggers upgrades to dustjs-linkedin@2.6.0)\n\n✗ High severity vulnerability found in adm-zip\n Description: Arbitrary File Write via Archive Extraction (Zip Slip)\n Info: https://snyk.io/vuln/npm:adm-zip:20180415\n Introduced through: adm-zip@0.4.7\n From: adm-zip@0.4.7\n Remediation:\n Upgrade direct dependency adm-zip@0.4.7 to adm-zip@0.4.11 (triggers upgrades to adm-zip@0.4.11)\n\n\n\nOrganization: garethr\nPackage manager: npm\nTarget file: package-lock.json\nOpen source: no\nProject path: /app\nLicenses: enabled\n\nTested 448 dependencies for known issues, found 47 issues, 90 vulnerable paths.\n\n```\n\n### Testing Docker images\n\nYou can test Docker images as well by mounting the local Docker socket:\n\n```\ndocker run --rm -it --env SNYK_TOKEN -v /var/run/docker.sock:/var/run/docker.sock snyk/snyk:docker snyk test --docker nginx\n```\n\n### Including Snyk in your own images\n\nA guide on adding Snyk into your own custom images can be found in the Snyk Docs under [User-defined custom images for CLI](https://docs.snyk.io/snyk-scm-ide-and-ci-cd-integrations/snyk-ci-cd-integrations/user-defined-custom-images-for-cli).\n\n#### A note on Go dep support\n\nUsing [dep](https://github.com/golang/dep) requires a little bit of extra work, as determining the dependencies requires the source code to be on the `GOPATH`.\nTo test projects using dep you need to mount the source into the relevant `GOPATH` directory and pass the same path as the working directory. Here's an example.\n\n```console\n$ docker run --rm -it --env SNYK_TOKEN --workdir /go/src/hypnoglow/helm-s3 -v (pwd):/go/src/hypnoglow/helm-s3 snyk/snyk:golang\nARCH = amd64\nOS = linux\nWill install into /go/bin\nFetching https://github.com/golang/dep/releases/latest..\nRelease Tag = v0.5.4\nFetching https://github.com/golang/dep/releases/tag/v0.5.4..\nFetching https://github.com/golang/dep/releases/download/v0.5.4/dep-linux-amd64..\nSetting executable permissions.\nMoving executable to /go/bin/dep\n\nTesting /go/src/hypnoglow/helm-s3...\n\nOrganization: garethr\nPackage manager: golangdep\nTarget file: Gopkg.lock\nOpen source: no\nProject path: /go/src/hypnoglow/helm-s3\nLicenses: enabled\n\n✓ Tested 72 dependencies for known issues, no vulnerable paths found.\n\nNext steps:\n- Run `snyk monitor` to be notified about new related vulnerabilities.\n- Run `snyk test` as part of your CI/test.\n```\n\n#### Note on using spaces in arguments\nWhen using argument values that include spaces please wrap the whole command in quotes as well as the individual argument itself.\n\n```console\n$ docker run --rm -it --env SNYK_TOKEN -v $(PWD):/app snyk/snyk:golang 'snyk code test --project-name=\"My Project\" --org=MyOrg'\n```\n\n#### `snyk/snyk:java` image\nFollowing [the deprecation of the docker Java image](https://github.com/docker-library/openjdk/issues/505) and with a lack of an alternative image, we had to remove the Java image.\n\n#### `snyk/snyk:maven` image\nFollowing the deprecation of the docker OpenJDK images, we now build these images using the eclipse-termurin jdk.\n\n### Running bootstrap commands\n\nIn some cases you may want to run a command before Snyk tests your dependencies. This is not required for most development environments. For common cases the images do some pre-work, for instance:\n\n* If Maven is installed and a `pom.xml` file is found, `mvn install` is run\n* If Pip is present and a `requirements.txt` file is found, run `pip install -r requirements.txt`\n* If Pipenv is present, run `pipenv sync` (if we find a `Pipfile.lock`) or `pipenv update` (if we find only a `Pipfile`)\n* If `pyproject.toml` is present then run `poetry install`. Will install `poetry` if not already present\n\nIf you have specific requirements you can pass the command to run (which replaces any of the above) using the `COMMAND` environment variable. For instance, if you have a Python project with dependencies specified in a file called `dependencies.txt` you could run:\n\n```\ndocker run --rm -it --env SNYK_TOKEN --env COMMAND=\"pip install -r dependencies.txt\" -v $(PWD):/app snyk/snyk:python snyk test --file=dependencies.txt\n```\n\nBy default the output for these bootstrap commands is not shown, so the output should just be that from Snyk. However if you're debugging an installation problem then you can pass the `DEBUG` environment variable to trigger the output from the intermediary commands.\n\n```\ndocker run --rm -it --env SNYK_TOKEN --env DEBUG=1 -v $(PWD):/app snyk/snyk:python\n```\n\n## Toolchain\n\n### Usage\n\nWhen run, the `build` target will build an image for every parent image specified in both `linux` and `alpine` files. The only modifications made are to install the latest version of Snyk.\n\n```\nmake build\n```\n\nNote that this requires a modern version of Docker with BuildKit enabled. You can do this in most cases by setting `export DOCKER_BUILDKIT=1`.\n\n\n### Maintenance\n\nPotentially the lists of images in `linux` and `alpine` could grow large, so keeping them in alphabetical order should help to maintain some semblance of order. The following command will sort both files.\n\n```\nmake sort\n```\n\nAs well as knowing the images build correctly it's useful to have a basic test suite. At present this is very minimal, mainly a demonstrating using [Structure Tests](https://github.com/GoogleContainerTools/container-structure-test). You don't need anything except Docker installed locally to run the tests.\n\n```\nmake test\n```\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsnyk%2Fsnyk-images","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fsnyk%2Fsnyk-images","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsnyk%2Fsnyk-images/lists"}