Skip to content

Merge pull request #969 from guardian/update/non_aws #806

Merge pull request #969 from guardian/update/non_aws

Merge pull request #969 from guardian/update/non_aws #806

Workflow file for this run

# This workflow runs Snyk Monitor on every push to main.
name: Snyk
on:
push:
branches:
- main
workflow_dispatch:
jobs:
security:
runs-on: ubuntu-latest
permissions:
# required for all workflows
security-events: write
steps:
- name: Checkout repository
uses: actions/checkout@v4
- name: Update Snyk UI with current vulnerabilities
uses: snyk/actions/[email protected]
env:
SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
with:
command: monitor
args: --org=the-guardian-cuu --project-name=${{ github.repository }}
- name: Update Github Code Scanning file with current vulnerabilities
uses: snyk/actions/[email protected]
continue-on-error: true # To make sure that SARIF upload gets called
env:
SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
with:
args: --sarif-file-output=snyk.sarif
- name: Upload result to GitHub Code Scanning
uses: github/codeql-action/upload-sarif@v3
with:
sarif_file: snyk.sarif