From dea8c7ec355e49e976e65056b59904f93082be7c Mon Sep 17 00:00:00 2001
From: Trevor Whitney
Date: Thu, 19 Oct 2023 13:41:03 -0600
Subject: [PATCH 1/2] add scan-vulnerabilities make target

---
 Makefile | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/Makefile b/Makefile
index 2ef80687e7a13..3cb54b4805a63 100644
--- a/Makefile
+++ b/Makefile
@@ -831,5 +831,14 @@ dev-k3d-down:
 $(MAKE) -C $(CURDIR)/tools/dev/k3d down
 
 # Trivy is used to scan images for vulnerabilities
+.PHONY: trivy
 trivy: loki-image
 trivy i $(IMAGE_PREFIX)/loki:$(IMAGE_TAG)
+
+# Synk is also used to scan for vulnerabilities, and detects things that trivy might miss
+.PHONY: snyk
+snyk: loki-image
+ snyk container test $(IMAGE_PREFIX)/loki:$(IMAGE_TAG)
+
+.PHONY: scan-vulnerabilities
+scan-vulnerabilities: trivy snyk

From 13cf3f8d7ebbf4641db2aebcefac9efb0e25dcfc Mon Sep 17 00:00:00 2001
From: Trevor Whitney
Date: Thu, 19 Oct 2023 14:06:37 -0600
Subject: [PATCH 2/2] Add snyk code scan

---
 .gitignore | 3 +++
 Makefile | 1 +
 2 files changed, 4 insertions(+)

diff --git a/.gitignore b/.gitignore
index ef9a59d5e5c26..66eb0a8cefeb2 100644
--- a/.gitignore
+++ b/.gitignore
@@ -51,3 +51,6 @@ pkg/loki/wal
 
 # nix
 nix/result
+
+# snyk
+.dccache
diff --git a/Makefile b/Makefile
index 3cb54b4805a63..dace8181353f3 100644
--- a/Makefile
+++ b/Makefile
@@ -839,6 +839,7 @@ trivy: loki-image
 .PHONY: snyk
 snyk: loki-image
 snyk container test $(IMAGE_PREFIX)/loki:$(IMAGE_TAG)
+ snyk code test
 
 .PHONY: scan-vulnerabilities
 scan-vulnerabilities: trivy snyk
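Review bot: `scan-vulnerabilities` will not fail on Trivy findings, because the `trivy i $(IMAGE_PREFIX)/loki:$(IMAGE_TAG)` recipe it depends on passes no `--exit-code` and Trivy exits 0 by default even when it reports vulnerabilities, while `snyk container test` exits non-zero on findings. If the aggregate target is meant to act as a gate, make the two scanners agree, e.g. `trivy i --exit-code 1 --severity HIGH,CRITICAL $(IMAGE_PREFIX)/loki:$(IMAGE_TAG)` paired with `--severity-threshold=high` on the snyk line (assuming no Trivy configuration elsewhere already sets this). The new comment misspells the tool as "Synk", and it would help to state there that the snyk CLI must be authenticated (`snyk auth` or `SNYK_TOKEN`) before the target can run.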
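Review bot: `snyk code test` sits after `snyk container test` in the same recipe of the second patch's Makefile hunk, so it never runs when the container scan exits non-zero: make stops at the first failing recipe line, and snyk returns non-zero whenever it finds issues. The source scan also does not need the image, yet here it waits on the `loki-image` prerequisite. Consider a separate phony target, `snyk-code:` with the recipe `snyk code test`, listed in `scan-vulnerabilities: trivy snyk snyk-code`, and run the aggregate with `make -k` so every scanner reports even when an earlier one fails.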