deps: Bump Microsoft.NET.Test.Sdk from 17.14.1 to 18.5.1 #86
| name: Snyk Dependency Security Scan | |
| on: | |
| push: | |
| branches: [main] | |
| pull_request: | |
| branches: [main, develop] | |
| schedule: | |
| - cron: "0 5 * * 1" | |
| workflow_dispatch: | |
| permissions: | |
| contents: read | |
| security-events: write | |
| jobs: | |
| snyk-dotnet: | |
| name: Snyk .NET Vulnerability Scan | |
| runs-on: ubuntu-latest | |
| timeout-minutes: 15 | |
| steps: | |
| - name: Check Snyk token availability | |
| id: token-check | |
| run: | | |
| if [ -z "$SNYK_TOKEN" ]; then | |
| echo "available=false" >> $GITHUB_OUTPUT | |
| echo "::warning::SNYK_TOKEN secret is not configured. Skipping Snyk scan." | |
| echo "To enable Snyk scanning:" | |
| echo " 1. Sign up at https://snyk.io" | |
| echo " 2. Get your API token from https://app.snyk.io/account" | |
| echo " 3. Add it as a repository secret named SNYK_TOKEN" | |
| else | |
| echo "available=true" >> $GITHUB_OUTPUT | |
| echo "Snyk token is configured." | |
| fi | |
| env: | |
| SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }} | |
| - name: Checkout repository | |
| if: steps.token-check.outputs.available == 'true' | |
| uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 | |
| - name: Setup .NET | |
| if: steps.token-check.outputs.available == 'true' | |
| uses: actions/setup-dotnet@c2fa09f4bde5ebb9d1777cf28262a3eb3db3ced7 # v5.2.0 | |
| with: | |
| dotnet-version: 8.0.x | |
| - name: Cache NuGet packages | |
| if: steps.token-check.outputs.available == 'true' | |
| uses: actions/cache@5a3ec84eff668545956fd18022155c47e93e2684 # v4.2.3 | |
| with: | |
| path: ~/.nuget/packages | |
| key: ${{ runner.os }}-nuget-${{ hashFiles('**/*.csproj') }} | |
| restore-keys: ${{ runner.os }}-nuget- | |
| - name: Restore dependencies | |
| if: steps.token-check.outputs.available == 'true' | |
| run: dotnet restore CompanyManagementSystem.sln | |
| - name: Run Snyk to check for vulnerabilities | |
| if: steps.token-check.outputs.available == 'true' | |
| uses: snyk/actions/dotnet@9adf32b1121593767fc3c057af55b55db032dc04 # v1.0.0 | |
| continue-on-error: true | |
| env: | |
| SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }} | |
| with: | |
| args: >- | |
| --file=CompanyManagementSystem.sln | |
| --severity-threshold=medium | |
| --sarif-file-output=snyk-results.sarif | |
| - name: Upload Snyk SARIF to GitHub Security | |
| if: always() && steps.token-check.outputs.available == 'true' | |
| uses: github/codeql-action/upload-sarif@v4 | |
| with: | |
| sarif_file: snyk-results.sarif | |
| continue-on-error: true |
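Review bot: `github/codeql-action/upload-sarif@v4` on the SARIF upload step is the only action in this workflow pinned to a mutable tag; checkout, setup-dotnet, cache and snyk/actions/dotnet are each pinned to a full commit SHA with a `# vX.Y.Z` comment, so the upload step is the one place where a retagged release could change the code that runs with the job's `security-events: write` permission. Pin it the same way, `uses: github/codeql-action/upload-sarif@<FULL-COMMIT-SHA> # vX.Y.Z` (SHA and version placeholders to be taken from the action's release), which keeps the version comment that Dependabot/Renovate use to track the pin. Separately, `continue-on-error: true` on both the Snyk step and the upload step appears to leave the job green whatever the scan finds and whether or not the SARIF reaches the Security tab; if that advisory-only behaviour is intended, a one-line comment above the Snyk step such as `# Advisory only: findings are reported to the Security tab, never fail the build` would stop a reader from taking `--severity-threshold=medium` as a gate. Minor shell hygiene in the token-check step: quote the redirect target, `echo "available=false" >> "$GITHUB_OUTPUT"`, and likewise on the `available=true` line.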