#!/usr/bin/env bash
set -euo pipefail
if [[ $# -lt 3 ]]; then
echo "Usage: $0 <ARTIFACTORY_URL> <REPO> <OUTPUT_FILE>"
echo ""
echo "Environment variables required:"
echo " USER=<username> - Artifactory username"
echo " PASS=<password> - Artifactory password/API key"
echo ""
metalstormbass / imagerule.rego
Last active May 13, 2024 12:44
Rule to check if your dockerfile is using cgr
package main
# Identify all `FROM` statements that do not match the allowed pattern
deny[message] {
some i
instruction := input[i]
instruction.Cmd == "from" # Ensure this is a FROM instruction
# The `Value` is an array; extract the first element
image := instruction.Value[0]
metalstormbass / tag_example_variables.sh
Created June 22, 2023 15:54
Tagging Command with Variables
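# Tag a Snyk project with a "component" key/value.
# Usage: tag_example_variables.sh <VALUE> <ORG_ID> <PROJECT_ID>
# Requires INSIGHTS_TOKEN in the environment (Snyk API token).
: "${INSIGHTS_TOKEN:?INSIGHTS_TOKEN must be set}"
: "${1:?component value required}" "${2:?org id required}" "${3:?project id required}"
# $1 is spliced into a JSON string literal without escaping. Refuse the two
# characters that would let a value break out of the literal instead of
# sending malformed (or attacker-shaped) JSON to the API.
if [[ "$1" == *\"* || "$1" == *\\* ]]; then
  printf 'error: component value must not contain " or \\\n' >&2
  exit 1
fi
# NOTE(review): the token travels on the curl command line and is visible in
# `ps` and shell tracing; consider `--header @file` if that matters here.
curl \
  --request POST \
  --header "Content-Type: application/json" \
  --header "Authorization: token $INSIGHTS_TOKEN" \
  --data-binary "{
    \"key\": \"component\",
    \"value\": \"$1\"
  }" \
  "https://api.snyk.io/v1/org/$2/project/$3/tags"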
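# Tag a Snyk project with a fixed "component" value; replace every INSERT_*
# placeholder before running. The Authorization header was missing its
# closing quote, which swallowed the rest of the command into the header.
# NOTE(review): a literal token on the command line ends up in shell history
# and `ps`; prefer an environment variable or `--header @file`.
curl \
  --request POST \
  --header "Content-Type: application/json" \
  --header "Authorization: token INSERT_TOKEN" \
  --data-binary "{
    \"key\": \"component\",
    \"value\": \"pkg:INSERT_REPO@INSERT_BRANCH\"
  }" \
  'https://api.snyk.io/v1/org/INSERT_ORG_ID/project/INSERT_PROJECT/tags'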
docker run -d --restart=always --name broker \
-p 8000:8000 \
-e BROKER_TOKEN=secret-broker-token \
-e BROKER_CLIENT_URL=http://broker:8000 \
-e CR_AGENT_URL=https://cra:8081 \
-e CR_TYPE=quay-cr \
-e CR_BASE=your.container.registry.domain.com \
-e CR_USERNAME=secret-container-registry-username \
-e CR_PASSWORD=secret-container-registry-password \
-e PORT=8000 \
metalstormbass / gitlab_broker
Last active April 28, 2023 14:03
gitlab broker
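# Run the Snyk Broker client for a self-hosted GitLab.
# Secrets are taken from the caller's environment: `-e NAME` with no value
# makes Docker copy NAME from the current environment, so the tokens never
# appear on the command line (shell history, `ps`). They remain readable via
# `docker inspect` by anyone with access to the Docker socket.
: "${BROKER_TOKEN:?BROKER_TOKEN must be set}"
: "${GITLAB_TOKEN:?GITLAB_TOKEN must be set}"
docker run --restart=always -d \
  -p 8000:8000 \
  -e BROKER_TOKEN \
  -e GITLAB_TOKEN \
  -e GITLAB=your.gitlab.domain.com \
  -e BROKER_CLIENT_URL=http://my.broker.client:8000 \
  -e ACCEPT_CODE=true \
  -e PORT=8000 \
  snyk/broker:gitlab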
### GITLAB BROKER
# Create Docker Network
# NOTE(review): presumably a user-defined network so the broker and any
# companion containers can resolve each other by name; its consumers are
# not visible in this excerpt.
docker network create snykBroker
# Deploy Broker
docker run --restart=always \
-p 8000:8000 \
-e BROKER_TOKEN=secret-broker-token \
name: "Snyk Test"
on:
push:
branches:
- master
jobs:
Pipeline-Job:
# Configure Environment
- name: ACCEPT_CODE
value: "true"
- name: ACCEPT_IAC
value: "tf,yaml,yml,json,tpl"
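# Run Snyk Code, write the SARIF result to a file, render an HTML report, and
# count findings at the disallowed level so the job can decide pass/fail itself.
OUTFILE="vuln.json"
# Snyk exits 1 when it finds issues, which we evaluate ourselves below. Other
# non-zero codes mean the scan itself did not run (e.g. auth or CLI failure);
# a blanket `|| true` would turn those into a silent pass, so only tolerate 1.
# (Exit-code meanings: check `snyk code test --help` for the CLI in use.)
rc=0
snyk code test --json-file-output="$OUTFILE" || rc=$?
if (( rc != 0 && rc != 1 )); then
  printf 'snyk code test failed with exit code %d\n' "$rc" >&2
  exit "$rc"
fi
snyk-to-html -i "$OUTFILE" -o results.html
# Parse the JSON and count results whose SARIF level matches the one we
# disallow. (Only a single level can be selected right now.)
DISALLOW_VULNS="warning"
# Pass the level with --arg so it is a jq value, never spliced into the
# filter text.
NUMBER_DISALLOWED=$(jq --arg level "$DISALLOW_VULNS" \
  '[.runs[].results[].level | select(. == $level)] | length' "$OUTFILE")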