DAS-2144 English content further changes #900
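# Snyk scanning (SAST, IaC, open-source dependencies, container) for pull
# requests targeting main and on a weekly schedule.
# For more examples, including how to limit scans to only high-severity issues
# and fail PR checks, see https://github.com/snyk/actions/
name: Snyk Security

on:
  # NOTE(review): for pull requests from forks GitHub withholds repository
  # secrets and normally issues a read-only GITHUB_TOKEN, so the Snyk steps and
  # the SARIF uploads are expected to fail there - confirm that is acceptable.
  pull_request:
    branches: ['main']
  schedule:
    - cron: '12 8 * * 2'

# One active run per workflow and ref; a newer run cancels the older one.
concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: true

# Workflow-wide default is read-only; the job below widens only what it needs.
permissions:
  contents: read

jobs:
  snyk:
    permissions:
      actions: read
      contents: read
      statuses: read
      # Required by upload-sarif to publish results to Code Scanning.
      security-events: write
    runs-on: ubuntu-latest
    steps:
      - name: 'Checkout repository'
        uses: actions/checkout@0c366fd6a839edf440554fa01a7085ccba70ac98
        with:
          # No later step pushes or fetches, so do not leave the GITHUB_TOKEN
          # in .git/config where the third-party actions below could read it.
          persist-credentials: false

      # NOTE(review): `@v1` is a movable tag. Pin to a full commit SHA, as is
      # done for actions/checkout above, so the code that runs cannot change
      # without a reviewed edit to this file.
      - name: 'Set up Snyk CLI to check for security issues'
        uses: snyk/actions/setup@v1

      # Runs Snyk Code (SAST) analysis and saves the results as SARIF.
      # `|| true` keeps the job green when issues are found, but it also hides
      # every other CLI failure (for example a missing or rejected token).
      - name: 'Code (SAST) test and save SARIF'
        run: snyk code test --sarif-file-output=snyk-code.sarif || true
        env:
          # Token is scoped to the steps that call Snyk instead of the whole
          # job, so checkout, docker build and the upload steps never see it.
          SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}

      # Runs Snyk Infrastructure as Code (IaC) analysis and reports the result
      # to Snyk (`--report`). Failures are ignored in the same way as above.
      - name: 'Infrastructure as Code test and report'
        run: snyk iac test --report || true
        env:
          SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}

      # Test node
      # NOTE(review): `@master` is a mutable branch ref and this step receives
      # SNYK_TOKEN. Pin to a full commit SHA so an upstream push cannot change
      # what executes with the token.
      - name: Run Snyk to check for vulnerabilities
        uses: snyk/actions/node@master
        continue-on-error: true
        env:
          SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
        with:
          args: --sarif-file-output=snyk.sarif

      # NOTE(review): `@v4` is a movable tag; pin to a full commit SHA.
      # Because the scan step above continues on error, this upload is the
      # first step that fails when the scan produced no snyk.sarif.
      - name: Upload result to GitHub Code Scanning
        uses: github/codeql-action/upload-sarif@v4
        with:
          sarif_file: snyk.sarif

      # Build the docker images for testing
      - name: 'Container monitor ~ build Docker image'
        run: docker image build -t cap-node:snyk .

      # Runs Snyk Container (Container and SCA) analysis.
      # `monitor` sends a snapshot to Snyk for ongoing monitoring; unlike the
      # steps above, a failure here fails the job.
      - name: 'Container monitor ~ analyse'
        run: snyk container monitor cap-node:snyk --file=Dockerfile
        env:
          SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}

      # Push the Snyk Code results into GitHub Code Scanning tab.
      # `if: always()` keeps the SAST findings from being dropped when the
      # docker build or container monitor step above fails.
      # NOTE(review): `@v4` is a movable tag; pin to a full commit SHA.
      - name: 'Upload result to GitHub Code Scanning'
        if: always()
        uses: github/codeql-action/upload-sarif@v4
        with:
          sarif_file: snyk-code.sarif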