Commit 24d027b

Create snyk-security.yml
Added a separate pipeline for Snyk Security scanning, as set up using the GitHub user interface to implement code scanning under Security.
1 parent 0096ad3 commit 24d027b

1 file changed

+62
-0
lines changed

Lines changed: 62 additions & 0 deletions
@@ -0,0 +1,62 @@
1+
# This workflow uses actions that are not certified by GitHub.
2+
# They are provided by a third-party and are governed by
3+
# separate terms of service, privacy policy, and support
4+
# documentation.
5+
6+
# A sample workflow which sets up Snyk to analyze the full Snyk platform (Snyk Open Source, Snyk Code,
7+
# Snyk Container and Snyk Infrastructure as Code)
8+
# The setup installs the Snyk CLI - for more details on the possible commands
9+
# check https://docs.snyk.io/snyk-cli/cli-reference
10+
# The results of Snyk Code are then uploaded to GitHub Security Code Scanning
11+
#
12+
# In order to use the Snyk Action you will need to have a Snyk API token.
13+
# More details in https://github.com/snyk/actions#getting-your-snyk-token
14+
# or you can signup for free at https://snyk.io/login
15+
#
16+
# For more examples, including how to limit scans to only high-severity issues
17+
# and fail PR checks, see https://github.com/snyk/actions/
18+
19+
name: Snyk Security
20+
21+
on:
22+
push:
23+
branches: ["master"]
24+
pull_request:
25+
branches: ["master"]
26+
27+
permissions:
28+
contents: read
29+
30+
jobs:
31+
snyk:
32+
permissions:
33+
contents: read
34+
security-events: write
35+
actions: read
36+
runs-on: ubuntu-latest
37+
steps:
38+
- uses: actions/checkout@v4
39+
40+
# Set up Java for Maven dependencies
41+
- name: Set up JDK
42+
uses: actions/setup-java@v3
43+
with:
44+
java-version: '17'
45+
distribution: 'adopt'
46+
cache: maven
47+
48+
- name: Set up Snyk CLI
49+
uses: snyk/actions/setup@806182742461562b67788a64410098c9d9b96adb
50+
env:
51+
SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
52+
53+
- name: Snyk Code test
54+
run: snyk code test --sarif > snyk-code.sarif || true
55+
56+
- name: Snyk Open Source monitor
57+
run: snyk monitor --all-projects
58+
59+
- name: Upload result to GitHub Code Scanning
60+
uses: github/codeql-action/upload-sarif@v3
61+
with:
62+
sarif_file: snyk-code.sarif
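Review bot: the `SNYK_TOKEN` `env:` block (new-file lines 50-51) is attached to the "Set up Snyk CLI" step only, so it is not present when `snyk code test --sarif` (line 54) and `snyk monitor --all-projects` (line 57) run; step-level `env` in GitHub Actions is scoped to its own step, and nothing in this hunk shows the setup action persisting the token for later steps. Move the `env:` block up to the `snyk` job, or repeat it on each `run:` step, so both commands authenticate. Compounding this, `|| true` on line 54 masks every non-zero exit, including an authentication or CLI failure, so a Snyk Code scan that never ran still reports success and the `upload-sarif` step (lines 59-62) then submits an empty or malformed `snyk-code.sarif`; prefer `continue-on-error: true` on that step, or keep `|| true` and add a step that checks the SARIF file exists and is non-empty before uploading. Also consider adding a short comment on line 54 explaining why findings are deliberately not failing the build, since that intent is otherwise invisible to the next maintainer.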
