We're finding that the process for adding new Docker images through the Snyk UI is tedious and requires a lot of manual configuration by the Snyk Administrator.

For every new release, we're finding that it takes a lot of searching, clicking and configuration to set the path to the Dockerfile and then set the test frequency.

This document outlines the manual steps taken to add each public Docker image to the Snyk portal.


Frequency: every release. Whenever the images are published to Docker Hub, they can be added to the edgex-jenkins project.

Process:

The manual process for adding a new image is as follows:

1. Authenticate to the Snyk portal - https://snyk.io/login

2. Navigate to the Snyk project dashboard - https://app.snyk.io/org/edgex-jenkins/

3. Click Add project - Select Docker Hub

4. Select the latest tagged version of the image that needs to be added for the project - Select Add selected repositories 

5. Once the import of the image has completed - verify that it succeeded by reviewing the import log

6. Within the Settings for each newly added image - Configure Dockerfile - Select GitHub and configure the mapping to set the path to the Dockerfile within the project repo
Note: not all Dockerfiles are in the root directory of the repo, and some Dockerfiles are named differently, for example Dockerfile.alpine-3.9

7. Set Test Frequency - Select Test Weekly - You must click Update test frequency
