-
Notifications
You must be signed in to change notification settings - Fork 2
39 lines (34 loc) · 1.05 KB
/
snyk.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
# This workflow runs Snyk Monitor on every push to main.
name: Snyk
on:
push:
branches:
- main
workflow_dispatch:
jobs:
security:
runs-on: ubuntu-latest
permissions:
# required for all workflows
security-events: write
steps:
- name: Checkout repository
uses: actions/checkout@v4
- name: Update Snyk UI with current vulnerabilities
uses: snyk/actions/[email protected]
env:
SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
with:
command: monitor
args: --org=the-guardian-cuu --project-name=${{ github.repository }}
- name: Update Github Code Scanning file with current vulnerabilities
uses: snyk/actions/[email protected]
continue-on-error: true # To make sure that SARIF upload gets called
env:
SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
with:
args: --sarif-file-output=snyk.sarif
- name: Upload result to GitHub Code Scanning
uses: github/codeql-action/upload-sarif@v2
with:
sarif_file: snyk.sarif