Create snyk-scan.yml

Snyk scan workflow to scan for vulnerabilities

.github/workflows/snyk-scan.yml

@@ -0,0 +1,36 @@
+# Snyk: Scan for for vulnerabilities in your Python code and dependencies
+# The results are then uploaded to GitHub Security Code Scanning
+# https://github.com/snyk/actions/
+---
+    name: Snyk
+
+    on:
+      push:
+        branches: ["dev", main]
+      pull_request:
+        # The branches below must be a subset of the branches above
+        branches: ["dev"]
+      schedule:
+        - cron: "0 7,13 * * *"
+
+    jobs:
+      snyk:
+        permissions:
+          contents: read
+          security-events: write
+        runs-on: ubuntu-latest
+        steps:
+          - uses: actions/checkout@master
+          - name: Run Snyk to check for vulnerabilities
+            uses: snyk/actions/python@master
+            continue-on-error: true # To make sure that SARIF upload gets called
+            env:
+              SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
+            with:
+              command: code test
+              args: --sarif-file-output=snyk.sarif
+          - name: Upload result to GitHub Code Scanning
+            uses: github/codeql-action/upload-sarif@v2
+            with:
+              sarif_file: snyk.sarif
+              category: snyk