DAS-2144 English content further changes #900

Workflow file for this run

# For more examples, including how to limit scans to only high-severity issues
# and fail PR checks, see https://github.com/snyk/actions/
name: Snyk Security
on:
  pull_request:
    branches: ['main']
  schedule:
    - cron: '12 8 * * 2'
concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: true
# Workflow-level token is read-only; the job grants only what SARIF upload needs.
permissions:
  contents: read
jobs:
  snyk:
    permissions:
      actions: read
      contents: read
      statuses: read
      security-events: write   # required by codeql-action/upload-sarif
    runs-on: ubuntu-latest
    env:
      SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
    steps:
      # Pinned to a full commit SHA rather than a mutable tag.
      - name: 'Checkout repository'
        uses: actions/checkout@0c366fd6a839edf440554fa01a7085ccba70ac98
      - name: 'Set up Snyk CLI to check for security issues'
        uses: snyk/actions/setup@v1
      # Runs Snyk Code (SAST) analysis and writes SARIF; the file is uploaded
      # to GitHub in the final step. '|| true' keeps the job green so that the
      # upload still runs when findings are reported.
      - name: 'Code (SAST) test and save SARIF'
        run: snyk code test --sarif-file-output=snyk-code.sarif || true
      # Runs Snyk Infrastructure as Code (IaC) analysis and reports results to Snyk.
      - name: 'Infrastructure as Code test and report'
        run: snyk iac test --report || true
      # Test node dependencies (SCA); continue-on-error so the SARIF upload below still runs.
      - name: Run Snyk to check for vulnerabilities
        uses: snyk/actions/node@master
        continue-on-error: true
        with:
          args: --sarif-file-output=snyk.sarif
      - name: Upload result to GitHub Code Scanning
        uses: github/codeql-action/upload-sarif@v4
        with:
          sarif_file: snyk.sarif
      # Build the docker image for testing
      - name: 'Container monitor ~ build Docker image'
        run: docker image build -t cap-node:snyk .
      # Runs Snyk Container (container and SCA) analysis and monitors the image in Snyk.
      - name: 'Container monitor ~ analyse'
        run: snyk container monitor cap-node:snyk --file=Dockerfile
      # Push the Snyk Code results into the GitHub Code Scanning tab
      - name: 'Upload result to GitHub Code Scanning'
        uses: github/codeql-action/upload-sarif@v4
        with:
          sarif_file: snyk-code.sarif
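Because the scan steps use `|| true` and `continue-on-error: true`, findings reach Code Scanning but never fail the pull request on their own. The following script is an added example, not part of this workflow or of Snyk's actions: it reads a SARIF file such as snyk-code.sarif, counts results by level (falling back to the rule's default level when a result omits one, as the SARIF spec allows), and exits non-zero when error-level findings are present. The embedded SARIF document and its rule ids are constructed for the example.

```python
import json
import sys

# Constructed SARIF fragment in the shape Snyk Code writes (not real scan output).
SAMPLE_SARIF = {
    "version": "2.1.0",
    "runs": [{
        "tool": {"driver": {"name": "SnykCode", "rules": [
            {"id": "constructed/Sqli", "defaultConfiguration": {"level": "error"}},
            {"id": "constructed/HardcodedSecret", "defaultConfiguration": {"level": "warning"}},
        ]}},
        "results": [
            {"ruleId": "constructed/Sqli", "level": "error", "message": {"text": "constructed"}},
            {"ruleId": "constructed/HardcodedSecret", "message": {"text": "constructed"}},
            {"ruleId": "constructed/Sqli", "level": "note", "message": {"text": "constructed"}},
        ],
    }],
}


def count_levels(sarif):
    """Count results per SARIF level; a result without 'level' inherits its rule's default."""
    counts = {"error": 0, "warning": 0, "note": 0}
    for run in sarif.get("runs", []):
        rules = {r["id"]: r for r in run.get("tool", {}).get("driver", {}).get("rules", [])}
        for result in run.get("results", []):
            level = result.get("level")
            if level is None:
                rule = rules.get(result.get("ruleId"), {})
                # SARIF's default level when neither result nor rule specifies one is "warning".
                level = rule.get("defaultConfiguration", {}).get("level", "warning")
            counts[level] = counts.get(level, 0) + 1
    return counts


def gate(sarif, max_errors=0):
    """Return True when the scan is acceptable, i.e. error-level findings <= max_errors."""
    return count_levels(sarif)["error"] <= max_errors


if __name__ == "__main__":
    # Usage in CI: python sarif_gate.py snyk-code.sarif (no argument uses the constructed sample).
    path = sys.argv[1] if len(sys.argv) > 1 else None
    data = json.load(open(path)) if path else SAMPLE_SARIF
    print(count_levels(data))
    sys.exit(0 if gate(data) else 1)
```

Run it as a step after the SARIF upload so the report still lands in Code Scanning while the PR check fails on error-level results.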