Skip to content

Commit

Permalink
fixup
Browse files Browse the repository at this point in the history
  • Loading branch information
louisrubet committed Feb 15, 2024
1 parent eecb545 commit e44d2fc
Showing 1 changed file with 4 additions and 18 deletions.
22 changes: 4 additions & 18 deletions .github/workflows/snyk-security.yml
Original file line number Diff line number Diff line change
Expand Up @@ -30,39 +30,25 @@ permissions:
jobs:
snyk:
permissions:
contents: read # for actions/checkout to fetch code
security-events: write # for github/codeql-action/upload-sarif to upload SARIF results
actions: read # only required for a private repository by github/codeql-action/upload-sarif to get the Action run status
contents: read
security-events: write
actions: read
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- name: Set up Snyk CLI to check for security issues
# Snyk can be used to break the build when it detects security issues.
# In this case we want to upload the SAST issues to GitHub Code Scanning
uses: snyk/actions/setup@806182742461562b67788a64410098c9d9b96adb

# For Snyk Open Source you must first set up the development environment for your application's dependencies
# For example for Node
#- uses: actions/setup-node@v3
# with:
# node-version: 16

env:
SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}

# Runs Snyk Code (SAST) analysis and uploads result into GitHub.
- name: Snyk Code test
env:
SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
run: |
snyk code test --sarif > snyk-code.sarif || true
cat snyk-code.sarif
# Runs Snyk Open Source (SCA) analysis and uploads result to Snyk.
- name: Snyk Open Source monitor
env:
SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
run: snyk monitor --all-projects

# Push the Snyk Code results into GitHub Code Scanning tab
- name: Upload result to GitHub Code Scanning
uses: github/codeql-action/upload-sarif@v2
Expand Down

0 comments on commit e44d2fc

Please sign in to comment.