Decoupling Snyk Orb from Snyk CLI Docker Images

Improved

As a continued effort to help our users deliver secure code to production, we have decoupled Snyk Orb from the deprecated Snyk CLI Docker Images. Please note that these are breaking changes and require additional steps after an upgrade to Snyk Orb v2.0.0.

Your existing CircleCI setup will continue to function without interruption, as we are introducing these breaking changes following semantic release conventions. However, to benefit from future improvements to Snyk CLI, we strongly recommend that you upgrade Snyk Orb at your earliest convenience. A readme with code examples is here to help you get started.

Once upgraded, please make the following breaking changes:

  • Remove the deprecated scan-iac job. An example of how it was used in previous versions (<v2.0.0) is inline:

    description: >
      Use the Snyk orb inside a build job to scan a container image for known
      vulnerabilities

    usage:
      version: 2.1

      orbs:
        snyk: snyk/snyk@1.7.2

      workflows:
        test:
          jobs:
            - snyk/scan-iac

  • Switch to using snyk/scan instead. An example is inline:

    description: >
      Use the Snyk orb inside a build job to scan a container image for known
      vulnerabilities

    usage:
      version: 2.1

      orbs:
        snyk: snyk/snyk@2.0.0

      workflows:
        test:
          jobs:
            - snyk/scan:
                command: iac test

To learn more about our CI/CD integrations, our product docs are here.

Chintan Bellchambers